Web-based businesses face a crisis in consumer confidence because of phishing scams. But because of a new kind of SSL certificate, Web sites will be able to definitively demonstrate their identity, and customers will be able to confirm the identity of trusted sites.
Extended Validation SSL (EV SSL) certificates represent more than a year's effort by an industry consortium called the CA/Browser Forum. These certificates became available last month for the benefit of Web businesses and site visitors. EV SSL certificates can facilitate online commerce by increasing visitor confidence and greatly reducing phishing's effectiveness.
Many online shoppers understand that the little lock on the browser means transmissions are encrypted and therefore protected from spying eyes, but how do they know they reached a reputable site?
Two issues must be addressed. The first is to identify a new category of SSL certificate that ensures a site owner's identity, and the second is a browser interface that makes it easy to see the identity when it's known and recognize when it isn't. EV SSL certificates are the new certificates in question.
The CA/Browser Forum, with more than 20 leading browser manufacturers and SSL providers, has created a standardized authentication process that any certificate authority must follow for EV certificates, including an independent audit to confirm compliance.
The forum built this process on existing practices demonstrated successfully in more than a decade of widespread use. The standard goes into great detail on three main authentication legs: organization, domain and requestor.
The certificate authority must establish that the requesting organization is a legally established business or nonprofit on record with the local government. It must establish this organization's ownership or right to use the Web domain in question, and it must establish that the requesting individual is employed by the organization and has the authority to obtain SSL certificates. Each authentication step depends on independent, outside information obtained from reliable third-party sources.
Once a certificate authority completes this authentication, it may issue a certificate with EV SSL status. This certificate operates exactly like a traditional SSL certificate. Browsers not built to recognize EV certificates (including Internet Explorer 6, Firefox 2 and their predecessors) treat it as they would a non-EV certificate. New EV-compatible browsers, starting with Internet Explorer 7, display these certificates in highly visible and informative ways.

Comments (6)
Certifiably Useless
By EdSF on March 9, 2007, 12:08 pm
A Stanford study finds EV SSL certifiably useless. The only real information a user will get from an EV certificate is that a particular web site ponied up extra...
EV SSL = New Revenue Stream
By EdSF on January 23, 2007, 11:51 am
"Web-based businesses face a crisis in consumer confidence because of phishing scams. But because of a new kind of SSL certificate, Web sites will be able to definitively...
Phishing dreamz
By Anonymous Coward on January 10, 2007, 1:48 pm
"Many industry watchers expect EV certificates to significantly hinder phishing" how many phishing sites use digital certificates?? The few seem to use cheapo...
Let's look at an outsider's viewpoint
By Tim Callan on January 5, 2007, 8:45 pm
This post accuses me of bias and makes the unsubstantiated claim that phishers will "find a way around" it. Since Anonymous won't believe what I have to say anyway,...
This article is highly
By Anonymous on January 5, 2007, 9:16 am
This article is highly biased towards EV SSL certificates, considering the author is the marketing director for Verisign. EV SSL certificates offer nothing more...