EV certs or Extended Validation SSL certificate became available some time ago but have been quite slow to take off and are not widely known about or appreciated, but their adoption by organisations is increasing.
To the layman, a certificate is used to validate a secure area of a website. When you are browsing such a website, as part of the process of setting up a secure connection with your computer, you will request information from the website. One of these details will be a certificate which is basically the servers identification. This will contain the server name, the trusted certificate authority (CA), and the servers public encryption key used to encrypt and decrypt the information you are about to communicate to each other.
The only difference between the EV certificates and ordinary SSL certificates is as the name implies some extended validation by the certificate authority and surprise, surprise a higher price tag and this is what is supposed to make them special and harder for the bad guys to get their hands on them.
Because of the extra security measures IE 7 released a patch to change the behaviour of its browser to display these certificates differently.
Firefox also has a plug-in created by VeriSign which you can get here.
This will also change the behaviour of the browser for these new certificates and it doesn’t look that dissimilar from Microsofts, now I don’t know which one came first but to be honest I don’t care either.
Security is one of those topics where consistency across platforms can only help spread the word on security and help to make people more aware and in the end more secure.
My only concern with these new certificates is that with the increase in price tag (£489/year for a regular certificate versus £767/year currently at VeriSign), only the very large organisations will be able to afford them and looking around UK organisations, not many have them with Egg being the only bank at the time of writing.
Comments
Leave a comment Trackback