Computing in the real world
SEARCH FOR: IN: Advanced Search
Guest  Level 00    Register Log in

News 

[PSUs]
Wednesday 13th June 2007
Browser developers agree guidelines for site validation 4:06PM, Wednesday 13th June 2007
The CA/Browser Forum has released new guidelines for the secure validation of websites. The guidelines set out a new Extended Validation (EV) SSL certificate, and they include standardised procedures for verifying the identity of the certificate holder.

The Forum, which comprises certification authorities and Web browser developers, said that the EV SSL Certificates build on the existing SSL certificate format, but provide an additional layer of protection. It is, they state, a strictly defined process to ensure that the certificate holder is who they claim to be.

To ensure the integrity of the process, measures are specified that allow for the effective revocation of improperly issued or used certificates.

All leading Internet browser vendors have stated their support for EV SSL, and either currently support or have announced plans to support the technology, which will allow the browser to display the verified identity of a website to a user.

IE7 users can already see the verified identity information (contained in the EV certificate and displayed in the address bar) on over 1,000 live sites on the internet. And with v1 of the guidelines, we can expect the EV sites to keep growing.

Internet Explorer 7 has supported EV SSL Certificates since February 2007. Senior product manager Markellos Diorinos noted<
 
 
ADVERTISEMENT
that the Microsoft browser displays verified identity information from more than 1,000 websites in the address bar.

'Determining the identity of the websites they visit has always been a challenge for internet users,' he said Microsoft. 'With Extended Validation SSL Certificates, which allow Internet Explorer 7 to display verified identity information for websites, users are now able to make better trust decisions online.'

Firefox currently relies on a plug-in for EV support, but its developer, Mozilla, participated in the development of the new guidelines.

'Mozilla is excited to see the new extended validation guidelines that have resulted from collaboration between certificate authorities,' said Window Snyder, chief security officer. 'EV SSL will make it easier for Firefox to tell users who is behind the website they're seeing, which is an important factor in making trust decisions.'

The guidelines were similarly welcomed by the developers of Opera and Konqueror. Apple did not participate in the Forum.

Critics of EV SSL claim that it will do little to curb phishing attacks and point to a 2006 study by Stanford University and Microsoft that appeared to show that the additional information in IE7 did not help users when it came to identifying attacks. But the study was itself criticised for the small size of its sample.
Simon Aughton

Submit to: Digg  |  Slashdot  |  Del.icio.us  |  Technorati

Related News


Sponsored Links
Buy Lexmark Printers and Ink at PC World
PC World have a great range of Lexmark printers available online and in store at low prices. Choose from Lexmark photo, inkjet, laser and multi functional printers Reserve online and Collect@Store.
Back to top
Offers
Buy Lexmark Printers and Ink at PC World
PC World have a great range of Lexmark printers available online and in store at low prices. Choose from Lexmark photo, inkjet, laser and multi functional printers Reserve online and Collect@Store.
www.pcworld.co.uk
Compare Broadband
Broadband?
Compare 50+ packages
Enter your postcode below:
Powered by:
Top 10 Broadband
Bookstore Top 5
› See more News
› See more Hot topics

Columns

Prolog:

There are lots of ways to save money, says Tim Danton, but it's the little things that count. › See full Opinion
› See more Columns
›  See more Research Papers