Who Are You? EV SSLs Not Engouh to Say For Sure

Featured Resource:

SearchSecurity has a compelling read in "EV SSL certificates won't stop phishers, researchers say" which isn't just a "No, it won't work" critque of extended validation SSL certificates. Researchers Billy Rios and Nitesh Dhanjan call EV SSLs commendable, but not enough. They call for a radical solution to the problem of phishing:

"What we really need is a revamp of the financial system in how identities are established in the real world."

That was part of the point of EV SSLs. By having a trusted 3rd party vouch for the identity of a business, customers would know they are working with the real McCoy. How exactly we should improve identity establishment is unclear. My first concern is cost. EV SSL have fairly extensive reporting and verification costs, what will a new and improved solution entail?

I'm looking forward to hearing more from Billy Rios and Nitesh Dhanjani. They've put forward some bold ideas that warrant attention, perhaps they've opened a subject we should have been discussing all along.

Recent Posts

Dan Sullivan's Bio:

Dan Sullivan is a systems architect with 20 years of IT experience that includes engagements in enterprise security, application design, and systems architecture. His experience includes a broad range of industries, including financial services, manufacturing, government, retail, gas and oil production, power generation, and education. Dan’s security-related project work has ranged from requirements analysis for enterprise information security to designing and implementing security for database applications and enterprise portals. Dan has written about information security and other enterprise information management topics for Business Security Advisor, DM Review, Intelligent Enterprise, and E-Business Advisor. You can contact Dan at: dan_sullivan@realtimepublishers.net

Site Sponsor:

Now Available:

Featured Resource:

Realtime Communities

Newsletter

Monthly Archives

RSS

Ask the Expert