I’ve talked several times in the past about Extended Validation SSL certificates and how they are a great step forward in establishing verified identity for websites. It is therefore with great pleasure that I am writing today about the official ratification of the EV Guidelines v1.0 by the Certification Authority/Browser (CA/B) Forum. You can read their announcement at http://cabforum.org.
Internet Explorer 7 has supported EV SSL Certificates since February 2007, based on the then current draft 11 guidelines. At the time only incorporated businesses and government entities were able to get an EV Certificate, which was a cause of concern for some. Version 1 of the guidelines (which are effective immediately) incorporates the experience from the past five months into the guidelines and expands the process so that now unincorporated businesses (such as sole proprietorships or general partnerships) can also get an EV certificate. Given the benefits that EV SSL brings with the verified identity information it offers to the users, there’s no good reason today for using a traditional SSL certificate instead of an EV certificate. (EV certificates work like traditional SSL certificates on older browsers).
IE7 users can already see the verified identity information (contained in the EV certificate and displayed in the address bar) on over 1,000 live sites on the internet – and with v1 of the guidelines, we expect the EV sites to keep growing even faster. But this is not just an IE story. Other browser vendors have committed to implementing EV support in upcoming versions, so their users can enjoy the same added protection that IE7 offers today.
And while EV is not a panacea, it is definitely a significant step forward and shows how the industry can work together to protect users.