Are you EV SSL enabled?

by Bill Andad on Aug 14th, 2008, 10:36 am

According to VeriSign, more than half of the Internet using people on the planet can get protection from an EV SSL-enabled web browser. Protection, that is, from data and identity theft.

According to Net Applications, as revealed in their latest Web browser market share report, a total of 52.8 percent of web browsers support EV SSL. That breaks down to IE7 covering 47.1 percent and Firefox 3 the remaining 5.7 percent.

Add in whatever percentage share crumbs Opera 9 can muster these days, and allow for the fact that Firefox 3 is new and so uptake and share will inevitably continue to climb, and this all spells good news for web users.

Extended Validation (EV) Secure Sockets Layer (SSL) certificates are, of course, a VeriSign invention which is why the company PRs are passing on this statistical information. If you use a modern browser client then you will probably have noticed the address bar turning green as you visit sites.

That's a good thing, it means those sites are protected by an EV SSL certificate. In turn this provides assurance that the site has been authenticated and is not some cloned resource harvesting your data.

But it is not all good news. as VeriSign admits that "nearly 6,000 Web sites already rely on VeriSign EV SSL Certificates" which is not exactly that confidence inspiring when you consider the millions of sites out there.

"The schemes cooked up by identity thieves to steal personal information just keep growing more sophisticated, a troubling trend that makes advanced protection like Extended Validation an essential part of any Web site's security portfolio," said Tim Callan, vice president of SSL product marketing at VeriSign. "We are pleased to see the browsers supporting EV SSL have reached this crucial tipping point. As more users upgrade to these latest browser versions, and as even more businesses deploy VeriSign EV SSL Certificates, the number of consumers who find the welcome sight of the green address bar will only continue to multiply."

Personally, I think it is a step in the right direction but more akin to being at the back of the crowd at the London Marathon than up front with the real athletes. Only time will tell if EV SSL can finish the race.

Print News Story

Similar Threads

check javascript is enabled!!! in JavaScript / DHTML / AJAX
Power Saving Enabled in Monitors, Displays and Video Cards
everest says my agp is not enabled in Monitors, Displays and Video Cards
No sound but everything enabled in PCI and Add-In Cards
Hibernation cannot be enabled? in Windows NT / 2000 / XP

Comments on this News Story

Permalink

Aug 14th, 2008

Re: Are you EV SSL enabled?

Hi, Bill. I'm Tim Callan, the guy quoted in this posting, and I think the issue you raised is a good one that deserves a response. The issue is, how do six or seven thousand e-commerce sites with EV compare to the millions without? I have written a full posting on this topic on my blog, which is dedicated to the SSL technology platform and its developments (https://blogs.verisign.com/ssl-blog/...stems_are.php), and I'll direct interested parties to that posting for the full discussion. Abbeviated version appears here.

The short answer is that not all Web sites are the same. Some of them enable business interactions containing sensitive information such as credit card numbers, account logins, and personally identifiable information that could be used for identity theft. Some ask you to download and install software. Sites like these are the ones that put consumers at risk of a variety of online crimes, and those are the sites where EV SSL is being adopted. When you look at deployment across that subset of the full selection of Web sites out there (and consider the sort span of time these certificates have been available), adoption actually is quite strong. Every day tens of millions of people are going to Web sites and seeing green bars on their computers.

So I'm not worried about that. EV SSL at this stage is pretty well accepted as a best practice and is well on its way to becoming the norm.

One other minor point of clarification: EV SSL is not VeriSign's invention. It's actually a new open standard that was created by an industry standards body called the CA/Browser Forum.

Cheers,

-tlc

Tim Callan

Newbie Poster

Offline

1 posts
since Aug 2008

Previous Thread in Networking Forum Timeline: Element Management System

Next Thread in Networking Forum Timeline: Pulling IP but no Internet

DaniWeb Message

Cancel Changes

User Name
Password