Geeks With Blogs
Chris Breisch   .NET Data Practices
Search this Blog!

Microsoft has announced that IE7 will support EV SSL Certificates beginning in January 2007.  EV SSL is currently a draft specification for improving secure communications in web-based applications.  Specifically:

    • Primary Purposes. The primary purposes of an EV Certificate are to:
      • Identify the legal entity that controls a website: Provide a reasonable
        assurance to the user of an Internet browser that the website the user is
        accessing is controlled by a specific legal entity identified in the EV
        Certificate by name, address of Place of Business, Jurisdiction of
        Incorporation, and Registration Number; and
      • Enable/encrypted communications with a website: Facilitate the exchange of
        encryption keys in order to enable the encrypted communication of
        information over the Internet between the user of an Internet browser and a
        website.
    • Secondary Purposes. The secondary purposes of an EV Certificate are to help
      establish the legitimacy of a business claiming to operate a website by confirming
      its legal and physical existence, and to provide a vehicle that can be used to assist
      in addressing problems related to phishing and other forms of online identity
      fraud. By providing more reliable third-party verified identity and address
      information regarding the owner of a website, EV Certificates may help to:
      • Make it more difficult to mount phishing and other online identity fraud
        attacks using SSL certificates;
      • Assist companies that may be the target of phishing attacks or online identity
        fraud by providing them with a tool to better identify themselves and their
        legitimate websites to users; and
      • Assist law enforcement in investigations of phishing and other online identity
        fraud, including where appropriate, contacting, investigating, or taking legal
        action against the Subject.

Kelvin Yu posts:

Starting at the end of January 2007, we will make the necessary updates to Windows, so that IE7 will recognize EV Certificates and modify the display accordingly (with a green background for the address bar, as well as embedded identify info, as shown in Figures 1 and 2, from Rob’s earlier post). This will mean that businesses can now assertively establish their online identity and make it visible to consumers who transact with them. Additionally, consumers will now have a new level of trust in their online transactions, because visible feedback on the identity of the business they are transacting with is readily available.

I believe that Firefox already supports these certificates, and in a similar manner, so Microsoft is still playing catch up, but this is a welcome sign.  It's also nice that they're using a similar display mechanism to Firefox rather than inventing something new and different.

Posted on Wednesday, November 8, 2006 8:34 AM General | Back to top


Comments on this post: IE7 and Extended Validation (EV) SSL Certificates

No comments posted yet.
Your comment:
 (will show your gravatar)


Copyright © Chris J. Breisch | Powered by: GeeksWithBlogs.net