Web Hosting Basics – Extended Validation SSL Certificates
Web Hosting Basics – Extended Validation SSL Certificates
The year 2005 was the time a consortium of top certified authority (CAs) along with Internet browsers gathered to create a more robust and uniform approach to internet SSL security. Also known by the name of CA/Browser Forum, the group established a common Secure Socket Layer (SSL) technique was needed to verify the authenticity of a website across all browsers and devices, for all CAs and for every Web users. Since January of 2007, new extended Validation (EV) SSL certificates have finally been released across the world and are expected to significantly improve eCommerce and increase the confidence of online shoppers everywhere. Wayne Thayer, Vice President of Development at GoDaddy - a world leading SSL Web hosting company domain registrar, and a key participant of the CA/Browser Forum - told TopHosts that the aim for EV SSL will be to offer an unchanging, highly needed way of ensuring legitimacy vclub online. "There were several prominent players who believed that it was necessary to establish some kind of standard we could bring to the marketplace," Thayer said. "A certificate that meant the same thing regardless of the source from which you purchased it." Before the release of EV SSL, Thayer explained many differing levels of SSL certificates that could be obtained however none of them really went beyond WebTrust which is a seal that is given to sites that adhere to certain standards for business. Numerous types of SSLs like GoDaddy's Turbo SSL and High-Assurance SSL, for example, provide an excellent level of protection and online security but do not have to abide by the same regulations and rules of other CAs and Web hosting service providers. There's no commonality among them and they don't address growing concerns about phishing. Phishing is a form of Internet fraud which aims to steal important information like credit cards, passwords, IDs, and SSNs by using fake websites. With EV SSLs All CAs have to adhere to the same security standards when processing certificates. Visitors to EV SSL-secured websites can be confident that the website is undergoing the same universal authentication process. "The EV vetting process creates an extremely strong connection between the organization that is mentioned in the certificate as well as the actual organization," Thayer said. "... Ev SSL contains a range of additional measures that make it much more difficult for fraudsters fake phishing attacks and pretend to be an entity they're not." The CA/Browser forum outlines a new EV SSL verification process that validates certain elements, such as the legal status of the website as well as the legal name of the company, registration number, right to use the domain name, as well as other legal indications. To be eligible in order to apply for EV SSL, a business must present a letter that is signed by an attorney accountant. This process validates the organization's authenticity, the legitimacy of the application and the overall legitimacy of the business. Contrary to the traditional padlock icon method used for the majority of SSL certificates, web browsers with EV support will show the green address bar as well as an extra label that specifies the owner of the website and the CA that issued their certificate. This feature is particularly beneficial for domains that are believed as a high-risk victim of fraud and phishing schemes. Auction sites, banking websites retailers, and other financial services can better convey their credibility to customers and let them confirm that the information they provide is secure and protected by EV. Presently, there are only Internet Explorer 7 and Opera 8 browsers are EV-ready and can support those new indicator visuals. Mozilla along with Safari are known to support the concept of EV as well, with Firefox scheduled to adopt the feature in their version 3 release. So so far, Thayer states that the adoption of EV SSL has been slow, but it's exactly what we expected. Larger eCommerce sites are adopting it faster, because they realize its potential for fighting fraud. However, it may take longer for it to take off within smaller businesses. At present, the standard requires companies to be incorporated in order to qualify for EV, which severely limits small businesses from gaining the same level of security EV SSLs can provide. Thayer explained the difficulty behind the implementation of EV SSL with smaller enterprises because they do not have the same official documentation as corporations maintain. Instead, smaller businesses identify their own identity through mostly state-level and local files, making it more difficult to adapt them to the universal EV SSL security approach. But Thayer claims GoDaddy and the CA/Browser forum are working to set up EV security of SSL for the small business community, in the near future. However, as IE 7 becomes more widespread and as more SSL certificates begin to expire, organizations will consider the advantages of EV and take on these new SSL certificates. "I think that as Internet Explorer 7 gain more popularity and more sites begin to notice and appreciate an address bar with a green color, we'll see more adoption of SSL certificates," Thayer said. "It's not yet too late to know at the moment, it's only been a few months, but if all SSLs expire within a couple of years after they were issued... we'll find a lot of websites moving to EV by Jan. 2009."

Leave a Reply

Your email address will not be published.