From the ‘how secure do you want to be‘ files:
Extended Validation SSL (EV-SSL) certificates recently turned two , and seem to be growing in adoption with over 11,000 sites.
EV provides additional audit and verification to ensure that a site is authentic. A critical part of the EV-SSL ecosystem are the browser vendors and one of the first to support EV-SSL was Mozilla Firefox.
I asked Mozilla’s ‘Human Shield’ (and all around good guy) Johnathan Nightingale about his views on EV-SSL and he’s optimistic on the technology though there is still more to be done.
“EV gives us a strong foundation for website identity, our focus now is to build on that,” Nightingale said. “Now that we have a place in the browser to talk about a site’s identity, we’d like to expand the information there to include details about your relationship with that site.”
He added that included information could be a user’s history with a site, whether they have saved passwords there or have bookmarks for this site, as that information all helps users to know who they’re dealing with online.
“Arming our users with useful identity information was a central motive behind our participation in writing the EV guidelines, and it’s something we will continue to do.”
It’s a great idea and I think that Mozilla is moving in the right direction. The fundamental issue though still remains that users will still do insecure things. It’s something that domain registrar GoDaddy’s COO Warren Adelman reminded me off when I spoke to him for my original article on EV-SSL.
“We still live in a world where people fall for spam e-mail, ” Adelman commented. “So leaping to educating people about the padlock and green and EV-SSL, we have an educational process that will take years to unfold.”