Tuesday, February 26, 2008

Extended Validation Certificates are close to 1 year old now

The CA/Browser Forum defines EV Certificates as:
The Extended Validation (EV) SSL Certificate standard is intended to provide an improved level of authentication of entities that request digital certificates for securing transactions on their Web sites. The next generation of Internet browsers will display EV SSL-secured Web sites in a way that allows visitors to instantly ascertain that a given site is indeed secure and can be trusted. A new vetting format, which all issuing Certification Authorities (CAs) must comply with, ensures a uniform standard for certificate issuance. This means that all CAs must adhere to the same high security standards when processing certificate requests. Consequently, visitors to EV SSL-secured Web sites can trust that the organization that operates the site has undergone and passed the rigorous EV SSL authentication process as defined by the CA/Browser Forum. Internet users thus will be able to trust that particular Web sites are what they claim to be, rather than fraudulent mirror sites operated by perpetrators of phishing schemes.

You can get a reasonable look at how EV Certificates have progressed since their birth at the following Netcraft article:
Extended Validation SSL Certificates now 1 Year Old

Some interesting points from the article are:
Absolute growth of EV SSL certificates has remained largely constant for several months, and the total (around 4000 sites) is dwarfed by the 809,000 sites that use traditional SSL certificates.

You can take a look at how IE7 will display EV Certificates by clicking the following image:
PayPal website in IE7

EV Certificates are certainly a welcome change, but they are not the solution to all the problems. Here is a report of a vulnerability in which EV Certificates can act as a backdoor for XSS.
