December 26, 2006 | Posted By : Isabel Wang at 4:15 PM PERMALINK | Blog Comments (6)

IE7 to Display EV SSL "Safe Bar"; How Will Devaluation of Old Certs Affect Web Hosts?

I've just read on Ars Technica and TechDirt that starting in January, Microsoft will flag sites with Extended Validation SSL certs with a green "safe bar".

According to draft guidelines (PDF) from the CA/Browser Forum, that green safe bar won't be easy to come by. For one, the cert issuer must verify applicants' addresses against government records. If there isn't a match, an in-person visit is required, along with photographic documentation of the business' building exterior and actual workspace.

VeriSign has started selling EV certs for $2495 (!). GeoTrust's got them too, for $899. As of yet, there's no reference to EV on Comodo's website. GoDaddy seems to be the only web host who plans to offer it, starting in "early 2007".

"Goodbye, SSL padlock", says Nate from Ars Technica. In which case, goodbye also to web hosting providers' revenue stream from SSL cert sales - and good luck to those who've invested in substantial SSL inventories. On one hand, the EV certs aren't priced for the mass market. At the same time, site owners will be reluctant to pay for a second class cert that doesn't come with the coveted green bar.

Print | Send | del.icio.us | Linking Blogs

Comments

[Add Comment]

Firefox isn't supporting EV yet, although I think it will soon. I do have to wonder if the EV certs are a long term solution. I have a lot of faith in the ability of bad guys to overcome security measures, cryptographic or not. Coming soon: Spyware to make your IE7 toolbar turn green.

# Posted By Daniel Golding | 12/26/06 7:58 PM

Comodo sells EV certificates at http://instantssl.com

# Posted By Igor Seletskiy | 12/26/06 8:48 PM

Igor - you're right, and it's on sale for $499.95 even! :) But how come it's not mentioned on http://www.comodogroup.com/products/certificate_se... ?

Dan - there's a Chinese saying about how rule-breakers are 3x faster-moving than rule-makers. Some spyware developer will make a fortune on that safe-bar simulator!

# Posted By Isabel Wang | 12/26/06 9:41 PM

It would be amazing to slowly see a green bar take precedence over The Lock. I have to sleep on this one before making any more comments. I'm speechless!

# Posted By Kayla Fleming | 12/27/06 2:21 AM

Companies that pay $500, $900 or $2500 for a green bar will advertise the hell out of their extra strength security. It might take a while for consumers to catch on, but owners of traditional certs will start complaining right away that they've been sold last generation technology. I'm concerned that this will put their web hosts in a tough position...

# Posted By Isabel Wang | 12/27/06 9:33 AM

Digicert, Entrust and Xramp also plan to sell EV certificates.

Under the current standard, it appears only corporate entities are eligible for EV SSL certificates, so there's bound to be market segmentation for some time to come, as web hosts will continue to make non-EV certs available for individuals and sole proprietorships.

# Posted By Rich Miller | 12/28/06 2:27 PM

[Add Comment]