« Silence is Golden | Main | Beta access available to the selected many »

There's a New Standard in SSL

Michael Pincher Thumbnail image for thumb_chapman_pincher.gifTo combat the perception of online transaction insecurity, leading Web browser developers and SSL Certification Authorities (CAs) have joined forces to create a new standard for Website identity authentication.

Extended Validation SSL delivers the acknowledged industry standard for the highest level of online identity assurance processes for SSL certificate issuance.

Read this free guide to find out how the EV standard increases the visibility of authentication status through the use of a green address bar in the latest high security Web browsers.




| More

Tags:

Posted by Michael Pincher on July 21, 2008 12:00 PM | | View blog reactions


TrackBack

TrackBack URL for this entry:
http://www.computerweekly.com/cgi-bin/mt/mt-tb.cgi/31283

Comments (2)

Andrew Pollack:

Bah.

This one is a money making scheme at best. The cost of SSL certificates is too low for these people who manage suck a hundred bucks a year from every mom and pop online store out there already. Now, they'll have more legitimate reasons to charge more for the "REALLY" good ssl certificate, without which people's address bar wont turn green. Any bets on this cost at least twice as much for the average consumer?

The next level of SSL certificate, if we're going to get serious, will need to come from the government in which the site owner pays taxes, with other governments potentially offering cross validation. That way, in almost every country, forgery of the certificate or mis-use becomes a criminal offense. In the U.S., for example, these certificates could by issued by the post office. They could be available to people and to businesses for use on web sites and on personal authentication ids. Mis-use of these, forgery of them, etc. would be postal fraud.

This half-measure is little more than greed. That green address bar doesn't stand for "GO" it stands for "Money".

Posted by Andrew Pollack | July 21, 2008 4:25 PM

Posted on July 21, 2008 16:25

Robert:

LOL. Postal fraud.

I don't beleive that EV SSL Certificates are just a money-making scheme. It is trivial for anyone to get a normal SSL certificate for a phishing website even if they want to claim that they are Microsoft, Inc. The EV standards make sure every certificate authority is playing by the same rules and ensuring that they issue a certificate to the right company and people with the right authority. If they don't, then they will fail the EV Audit and won't be able to issue EV certificates anymore.

Posted by Robert | July 27, 2008 4:39 PM

Posted on July 27, 2008 16:39

Post a comment

Search


Disclaimer

The opinions expressed herein are the personal opinions of the authors and do not represent either of our employer's views in any way. All postings and code samples are provided 'AS IS' with no warranties, and confer no rights.

About

This page contains a single entry from the blog posted on July 21, 2008 12:00 PM.

The previous post in this blog was Silence is Golden.

The next post in this blog is Beta access available to the selected many.

Many more can be found on the main index page or by looking through the archives.

Subscribe to this blog's feed
[What is this?]