Compartilhar via


I am excited about EV Cert

I like the idea behind Extended Validation Cert a lot.  It is designed to combat phishing problems.  There are some well-known phishing victim sites, such as Paypal, Bank of America, EBay, etc, that would love this feature.  Check out how IE7 green address bar looks like (Courtesy of Verisign).   Yes, it is more expensive to buy the EV certificate because it takes more validation.  However, for heavy online commerce sites, the extra money is nothing compared to potential revenue loss of phishing attacks.

With the birth of EV Cert, the road to security is not all rosy.  Deployment is still difficult.  Currently, only IE7 supports EV Cert with the green address bar.  Firefox has planned to support this in the future.  Moreover, it is very expensive to get an EV cert, which discourages widespread usage.  To my mind, the most common phishing victims are usually high-revenue and high-traffic sites, which renders high EV cert cost a secondary concern.  Last but not least, some CA vendors can degrade integrity of EV cert by not performing full due diligence prior to issuing certificates.

Time will tell whether this technology may alleviate phishing problems.  Security is a cat-and-mouse game.  Let's see what the mouse will do in response to EV cert.