How Google Chrome supports EV SSL
If you've been camping in the mountains or something you may not have heard that Google will be releasing its own browser, Chrome.
As you might expect, I was instantly curious about how Chrome works with SSL. These are quick and dirty preliminary results, but here's what I have for you today.
Chrome appears to work with SSL in the expected manner. When SSL is in place, the address bar still displays https, and a lock icon appears next to the address bar.
Chrome also recognizes Extended Validation SSL Certificates. The beta recognizes the VeriSign EV root, at the very least. Google does display the organization name to the right of the URL and highlights that name and the https indicator in green. It's a very consistent adaption of the IE7/IE8 EV experience into the light interface to which Chrome aspires.
I'm getting confirmation on this fact, but I think you have to enable revocation checking in the beta before Chrome will detect EV certs as such. The revocation checking requirement is a good one. I hope that in later betas Google will change the default to on, just as Microsoft did with Internet Explorer 7. If you need to turn on revocation checking, this Google tech note explains how.
I haven't had a chance to check out what Chrome does with self-signed or other untrusted roots or with certificate errors such as domain mismatches and expired certs. My hope is that the browser will handle all these scenarios properly, and if it doesn't in this beta that it will shortly. I'll look into these behaviors and let you know what I find out.