As an elected member of the OASIS IDTrust Steering Committee, I had an opportunity to participate in the NIST IDTrust 2009 symposium held at NIST.
I moderated a special session on "Browser Security" where the speakers included Prof. Chadwick from the University of Kent.
The complete program is here.
My presentation slides are here.
* The CA goes through an extensive review process before issuing an EV Certificate. Annually, the CA has to go through an audit process.
* Firefox 2 and Opera display a yellow bar for https. Firefox 3 dropped the yellow bar. The user has to use the Tools menu and Page Info to get information on the certificate.
* Google Chrome uses a secure architecture that separates the web domain from the user domain. This separation of domains accounts for about 70% of web vulnerabilities. The remaining 30% are not under the control of browsers.
* Private browsing has been one of the features most sought after by users for a long time. Apple Safari has had private browsing for a long time.
* Many of the plugins operate with root privileges. Hence, it is important to use trustworthy plugins.