Printed from www.pcpro.co.uk
Browser developers agree guidelines for site validation
Posted on 13 Jun 2007 at 14:39
The CA/Browser Forum has released new guidelines for the secure validation of websites. The guidelines set out a new Extended Validation (EV) SSL certificate, and they include standardised procedures for verifying the identity of the certificate holder.
The Forum, which comprises certification authorities and Web browser developers, said that the EV SSL Certificates build on the existing SSL certificate format, but provide an additional layer of protection. It is, they state, a strictly defined process to ensure that the certificate holder is who they claim to be.
To ensure the integrity of the process, measures are specified that allow for the effective revocation of improperly issued or used certificates.
All leading Internet browser vendors have stated their support for EV SSL, and either currently support or have announced plans to support the technology, which will allow the browser to display the verified identity of a website to a user.
IE7 users can already see the verified identity information (contained in the EV certificate and displayed in the address bar) on over 1,000 live sites on the internet. And with v1 of the guidelines, we can expect the EV sites to keep growing.
Internet Explorer 7 has supported EV SSL Certificates since February 2007. Senior product manager Markellos Diorinos noted that the Microsoft browser displays verified identity information from more than 1,000 websites in the address bar.
'Determining the identity of the websites they visit has always been a challenge for internet users,' he said Microsoft. 'With Extended Validation SSL Certificates, which allow Internet Explorer 7 to display verified identity information for websites, users are now able to make better trust decisions online.'
Firefox currently relies on a plug-in for EV support, but its developer, Mozilla, participated in the development of the new guidelines.
'Mozilla is excited to see the new extended validation guidelines that have resulted from collaboration between certificate authorities,' said Window Snyder, chief security officer. 'EV SSL will make it easier for Firefox to tell users who is behind the website they're seeing, which is an important factor in making trust decisions.'
The guidelines were similarly welcomed by the developers of Opera and Konqueror. Apple did not participate in the Forum.
Critics of EV SSL claim that it will do little to curb phishing attacks and point to a 2006 study by Stanford University and Microsoft that appeared to show that the additional information in IE7 did not help users when it came to identifying attacks. But the study was itself criticised for the small size of its sample.
Author: Simon Aughton
advertisement
- Why Britain's watchdogs have fewer teeth than goldfish
- Tabbed documents: how to make Office 2010 great
- Outlook 2010 People Pane – does it spell death to Xobni
- Microsoft Outlook 2010 screenshots
- Co-Authoring in Word 2010 and SharePoint Foundation 2010
- Microsoft Outlook 2010 screenshots: Backstage view
- Flash 10.1: Developing for Desktop and Device
- Microsoft Office 2010 screenshots: Recover unsaved items
- Microsoft Word 2010 screenshots: Text Effects
- Microsoft Word 2010: inserting screenshots
- Getting to grips with Microsoft's IT Health Environment Scanner
- Virtualise your servers
- The changing face of travel gadgets
- Build your own distributed file system
- The bulletproof Dell that costs an arm and a leg
- Microsoft Office 2010 Technical Preview: Q&A
- Lawnmowers, the TyTN II and one odd insurance request
- There'll never be a bulletproof OS
- How far can we trust apps?
- Five nice touches in Outlook 2010
advertisement
