Wednesday, 20 July 2011

Improving SSL: Extended Validation (EV) SSL Certificates

Hi, I’m Kelvin Yiu, a program manager with the Windows Crypto team, and I’m very excited to be posting today on the IE blog, announcing plans to make Extended Validation SSL OR EV SSL Certificates available in January 2007.
For over a year, we’ve been working on shaping the form of the next generation SSL (Secure Socket Layer) Certificates, so that they not only provide encryption but also a standard for identity on the Internet. For that purpose we teamed up with many Certification Authorities (CAs) and Internet Browsers to create the CA/Browser forum, tasked with the creation of these next-generation Certificates, called EV SSL Certificates.
The CA/Browser forum has provided a great service, and has helped evolve the EV SSL guidelines to their current Draft 11. We feel very strongly that the current version of the EV SSL guidelines provides tremendous value to help protect consumers from phishing, while maintaining compatibility with existing browsers.
Recently, we invited all the members of the CA/Browser forum to join us in supporting EV SSL Certificates based on the current guidelines, and at this time I wish to extend the invitation to all CAs interested in participating. The industry response has been very strong, and many CAs such as Verisign (including Thawte and GeoTrust), CyberTrust, Entrust, GoDaddy, QuoVadis, XRamp, SecureTrust and DigiCert have already expressed their intention to support EV SSL Certificates now, while other CAs such as Wells Fargo have expressed strong support for our efforts to drive EV Draft 11 forward. Browsers, such as KDE and Opera, are also planning to add support for EV Draft 11 in future versions of their software.
Starting at the end of January 2007, we will make the necessary updates to Windows, so that IE7 will recognize EV Certificates and modify the display accordingly (with a green background for the address bar, as well as embedded identify info, as shown in Figures 1 and 2, from Rob’s earlier post). This will mean that businesses can now assertively establish their online identity and make it visible to consumers who transact with them. Additionally, consumers will now have a new level of trust in their online transactions, because visible feedback on the identity of the business they are transacting with is readily available.
Fig 1: IE7 address bar for a site with a Extended Validation SSL certificate
(showing the identity of the site from the SSL Certificate)

Fig 2: IE7 address bar for a site with a Extended Validation SSL certificate(alternating in the name of the Certification Authority who identified the site)

We do not expect EV SSL Certificates to eradicate the phishing problem, but we are convinced that it is a significant step forward in protecting consumers. EV SSL Certificates provide tremendous value to Internet users today, and the industry will keep evolving the guidelines to keep pace with the changing Internet landscape.

No comments:

Post a Comment