A new SSL certificate is on the way

Extended Validation SSL to make Web browsing safer

Web-based businesses face a crisis in consumer confidence because of phishing scams. But because of a new kind of SSL certificate, Web sites will be able to definitively demonstrate their identity, and customers will be able to confirm the identity of trusted sites.

Extended Validation SSL (EV SSL) certificates represent more than a year's effort by an industry consortium called the CA/Browser Forum. These certificates became available last month for the benefit of Web businesses and site visitors. EV SSL certificates can facilitate online commerce by increasing visitor confidence and greatly reducing phishing's effectiveness.

Many online shoppers understand that the little lock on the browser means transmissions are encrypted and therefore protected from spying eyes, but how do they know they reached a reputable site?

Two issues must be addressed. The first is to identify a new category of SSL certificate that ensures a site owner's identity, and the second is a browser interface that makes it easy to see the identity when it's known and recognize when it isn't. EV SSL certificates are the new certificates in question.

The CA/Browser Forum, with more than 20 leading browser manufacturers and SSL providers, has created a standardized authentication process that any certificate authority must follow for EV certificates, including independent audit to confirm compliance.

The forum built this process on existing practices demonstrated successfully in more than a decade of widespread use. The standard goes into great detail on three main authentication legs: organization, domain and requestor.

The certificate authority must establish that the requesting organization is a legally established business or nonprofit on record with the local government. It must establish this organization's ownership or right to use the Web domain in question, and it must establish that the requesting individual is employed by the organization and has the authority to obtain SSL certificates. Each authentication step depends on independent, outside information obtained from reliable third-party sources.

Once a certificate authority completes this authentication, it may issue a certificate with EV SSL status. This certificate operates exactly like a traditional SSL certificate. Browsers not built to recognize EV certificates (including Internet Explorer 6, Firefox 2 and their predecessors) behave as with non-EV certificates. New EV-compatible browsers, however, display these certificates in highly visible and informative ways, starting with Internet Explorer 7.

Internet Explorer 7 has added interface conventions to enhance site owner identification, most obviously the green address bar. When an Internet Explorer 7 browser accesses a page with an EV SSL certificate, it changes the address bar's background to green, which indicates a site has undergone high-level identity authentication.

Internet Explorer 7 also contains the security status bar. On pages with EV SSL certificates, it displays the organization name, which comes directly from the certificate. Because the certificate authority verified this name and the browser displays it in its own interface, visitors can rely on it.

Internet Explorer 7 detects an EV certificate through a marker in the certificate called an OID. In real time the browser confirms that this SSL root has an EV OID in good standing and then displays the EV interface features. This architecture makes it possible to adjust a certificate authority's EV status in real time. For example, if a certificate authority consistently fails at reliably performing EV authentication, browsers could stop detecting these certificates as EV certificates, protecting the overall trustworthiness of EV SSL.

Many industry watchers expect EV certificates to significantly hinder phishing and instill confidence in site visitors. By providing a reliable, highly visible indicator of site identity, this standard makes it possible for visitors to take control of their security.

Tim Callan is director of product marketing for VeriSign.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Tim Callan

Network World
Show Comments

Essentials

Brother MFC-L3745CDW Colour Laser Multifunction

Learn more >

Mobile

Exec

Budget

Back To Business Guide

Click for more ›

Brand Post

Shining a light on creativity

MSI has long pushed the boundaries of invention with its ever-evolving range of laptops but it has now pulled off a world first with the new MSI Creative 17.

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Tom Pope

Dynabook Portégé X30L-G

Ultimately this laptop has achieved everything I would hope for in a laptop for work, while fitting that into a form factor and weight that is remarkable.

Tom Sellers

MSI P65

This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang

MSI GT76

It really doesn’t get more “gaming laptop” than this.

Jack Jeffries

MSI GS75

As the Maserati or BMW of laptops, it would fit perfectly in the hands of a professional needing firepower under the hood, sophistication and class on the surface, and gaming prowess (sports mode if you will) in between.

Taylor Carr

MSI PS63

The MSI PS63 is an amazing laptop and I would definitely consider buying one in the future.

Christopher Low

Brother RJ-4230B

This small mobile printer is exactly what I need for invoicing and other jobs such as sending fellow tradesman details or step-by-step instructions that I can easily print off from my phone or the Web.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?