The CA/B Forums goals are simple: Certify that sensitive data sent over the Internet between two entities like an e-commerce provider and online consumer is adequately encrypted; and verify that the Web server really is owned by the business. Both important steps are needed for a safe, successful, and "phish"-free electronic commercial transaction.
Years after the introduction of the SSL protocol, a broad range of validation techniques have crept into industry practices, sometimes diluting the credentials awarded. From certification authorities that, in old-school fashion, look up businesses requesting certificates and call to see if the number is even still in service, to automated computer validation that, inadequately, merely verifies the business owns the server the certificate representsthe general industry consensus is there needs to be a change.
When the IE7 user finds a server with an EV SSL certificate, the browser will visually (and colorfully) announce the EV presence by turning the address bar green and identifying the owner of the server, as well as who issued the certificate.
The theory is users will learn to recognize the green address bar as a destination where it is safe to conduct online transactions; there is no risk that it is a phishing or other malicious Web site. The display of yellow and red address bars will alert the Web visitor to proceed with caution.
So, Will Anyone Care?
The e-store buyer remains skeptical: What happens if consumers dont notice the green bar, or dont understand what it represents or dont even care?
This could happen, but not likely. A number of factors point to EV SSL certificates growing like wildfire in popularity over the next year.
Microsoft is making security the cornerstone of its Windows Vista release and the software behemoth is sure to focus time, technology, and a big budget to energetically educate the marketplace about the value of going green.
And so they wont miss the online retail boat that now adds up to $100 billion in consumer sales, the vast majority of Web browsers will soon adopt the new certification and recognize EV SSL certificates, displaying the characteristic green means its okay to buy sign.