EV-SSL Turns Two. Are You Buying?

Two years after VeriSign launched Extended Validation SSL (EV-SSL), more than 11,300 valid certificates have been sold, around 8,000 of them by VeriSign, developer of the certificates.

Of course, considering that VeriSign has over one million standard SSL certificates total,
EV-SSL still has a ways to go until it is dominant.

SSL certificates are used across the Web to secure transactions and information in transit across the Internet. Yet a basic SSL certificate on its own doesn’t necessarily verify the identity or authenticity of a Web site, which is why VeriSign introduced EV-SSL certificates two years ago.

VeriSign claims that the technology is growing rapidly.

“We’re quite pleased with not only the overall number of certificates
deployed but also the level of deployment by leading sites such as Bank of
America, eBay, and Charles Schwab,” Tim Callan, vice president of product
marketing at VeriSign, told InternetNews.com. “We’re also very
pleased that all popular browsers recognize EV certificates today, with over
70 percent of Internet users on EV-aware browsers.”

An EV-SSL certificate involves a validation step to ensure that the domain
owner and site are legitimate. Part of the process involves getting a lawyer
or other authorized organization or individual to vouch for an EV-SSL
certificate claim.

Not so easy

Warren Adelman, president and chief operating officer of EV-SSL vendor
GoDaddy, explained to InternetNews.com that EV-SSL certificates are
more expensive, more complex and more time-consuming to obtain than regular
SSL certificates.

“There are a couple of challenges with Extended Validation and one of the
challenges is price,” Adelman said. “These are fairly expensive certificate
types, the price is driven by what is a fairly complex set of data gathering
that takes place as part of the extended validation requirement and that
creates a barrier.”

At GoDaddy, for example, the most basic type of SSL certificate is sold for
$29, while EV-SSL is available for $499. Browser vendors, including Mozilla,
Microsoft, Google (NASDAQ: GOOG) and Apple (NASDAQ: AAPL), all have a form of indicator to notify users that they are on an EV-SSL protected site.

On Mozilla Firefox, for example, regular SSL encrypted sites are typically identified with just a padlock icon, while the icon for an EV-SSL site lights up in green.

Not all users are aware of EV-SSL, and that’s an area where Adelman argues
that further education is still required. It’s something that VeriSign
agrees with, though VeriSign’s Callan argued that there is real value that
businesses have seen from EV, as opposed to just normal SSL.

“EV’s challenges for adoption are very typical to other new successful
technologies. It is largely an exercise of increasing awareness and showing
measurable returns from the technology,” Callan said. “Furthermore, VeriSign
has published over 20 case studies from around the world showing measured
uplift ranging from five to 87 percent as a result of EV.”

While EV-SSL represents a degree of authenticity that is greater than
regular SSL alone, neither GoDaddy nor VeriSign expects regular SSL to go
away anytime soon. Though SSL is used to secure consumer-facing sites that
could benefit from EV-SSL, GoDaddy’s Adelman noted that SSL is also used
internally in organizations where the extended validation is not needed.

Both GoDaddy and VeriSign are also seeing a migration from existing SSL
customers to EV-SSL.

“Most of our EV deployments have been from traditional VeriSign
customers,” VeriSign’s Callan said. “That makes perfect sense when you
consider that the VeriSign Secured Seal is a highly recognized security mark
that has been demonstrated to increase consumer confidence on sites and
drive additional transactions. EV purchasers seek the very same effect, and
therefore we’re not surprised to see our seal adopters in favor of EV SSL.”

That said, GoDaddy’s Adelman noted that broader market adoption is still
something that will require more education.

“We still live in a world where people fall for spam e-mail. As hard as
that is to believe, since the industry has been out there telling people
about the danger of spam for years,” Adelman commented. “Yet we can read a
story a week about someone that has lost money on a spam scam. So leaping to
educating people about the padlock and green and EV-SSL we have an
educational process that will take years to unfold.”
