Web browsers to adopt enhanced SSL

IE7 to use Extended Validation SSL certificates in January, others to follow.

Microsoft plans to add support for the upcoming Extended Validation standard for SSL certificates this January through a software update to Internet Explorer 7.

Secure Sockets Layer (SSL) certificates allow Web users to verify the identity of the organisation running a website, and indicate that the site's traffic is encrypted. The certificates are commonly used by banks and e-commerce websites.

Users can identify a website using certificates through a small padlock that shows up in the browser window.

Older versions of Internet Explorer place the icon in the bottom of the window while Internet Explorer 7 puts it in the address bar. Firefox colours the address bar yellow in addition to displaying a padlock.

Online scammers, however, have eroded trust in SSL certificates as they started to use them for phishing websites and other online scams.

Browsers will still recognise certificates that are not issued by official certificate authorities, but critics claim that some certificate authorities fail to check the identity of applicants because they prefer revenues over rigid security.

The Extended Validation SSL certificates will introduce a more stringent vetting process, including verification of the applicant's physical existence, identity and place of business, as well as its right to use the domain name for which the documents is requested.

The standard is defined by the CA/Browser Forum which comprises certificate authorities and browser developers. The organisation published a Draft 11 (PDF) version of its guidelines last month. 

Microsoft earlier this week urged fellow members on its IE Blog to support the current guidelines in their certificates and browsers.

Following an update to Internet Explorer 7 scheduled for January, the address bar in the browser will turn green when the user visits a website that uses an EV SLL certificate, and will display the name of the certificate authority which issued the document.

The Opera and KDE browsers plan to add support for the technology, but Mozilla, which is part of the CA/Browser Forum, but has not yet publicly discussed how it will support the standard.

Several certificate authorities are starting to advertise the new certificates in anticipation of the new industry support.

Hosting provider GoDaddy said that it expects to start selling the certificates early next year, while Xramp is planning to start selling certificates based on the current draft specifications later this month. 

VeriSign will sell EV SSL certificates, but was unable to say when it will start issuing the documents.

Copyright ©v3.co.uk