Extended validation, or EV for short, SSL certificates were created by the Certification Authority/Web Browser Forum (CA/B), a trade group of representatives from the two industries looking to save the original promise of SSL certificates as a universal, trusted way to authenticate an encrypted Web site.
The CA/B Forum’s goals are simple: Certify that sensitive data sent over the Internet between two entities like an e-commerce provider and online consumer is adequately encrypted; and verify that the Web server really is owned by the business. Both important steps are needed for a safe, successful, and “phish”-free electronic commercial transaction.
Years after the introduction of the SSL protocol, a broad range of validation techniques have crept into industry practices, sometimes diluting the credentials awarded. From certification authorities that, in old-school fashion, look up businesses requesting certificates and call to see if the number is even still in service, to automated computer validation that, inadequately, merely verifies the business owns the server the certificate represents—the general industry consensus is there needs to be a change.
To remedy this, the CA/B Forum agreed on much more rigorous EV SSL guidelines. While these new policies have been ready for use since October 2006, Microsoft’s latest rollout — Internet Explorer 7 on Windows Vista — will be the first to adopt EV SSL certificates.
When the IE7 user finds a server with an EV SSL certificate, the browser will visually (and colorfully) announce the EV presence by turning the address bar green and identifying the owner of the server, as well as who issued the certificate.
The theory is users will learn to recognize the green address bar as a destination where it is safe to conduct online transactions; there is no risk that it is a phishing or other malicious Web site. The display of yellow and red address bars will alert the Web visitor to proceed with caution.
So, Will Anyone Care?
The e-store buyer remains skeptical: What happens if consumers don’t notice the green bar, or don’t understand what it represents — or don’t even care?
This could happen, but not likely. A number of factors point to EV SSL certificates growing like wildfire in popularity over the next year.
Microsoft is making security the cornerstone of its Windows Vista release and the software behemoth is sure to focus time, technology, and a big budget to energetically educate the marketplace about the value of “going green.”
And so they won’t miss the online retail boat that now adds up to $100 billion in consumer sales, the vast majority of Web browsers will soon adopt the new certification and recognize EV SSL certificates, displaying the characteristic “green means it’s okay to buy” sign.