Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Website Security Solutions
Showing posts tagged with Extended Validation SSL
Showing posts in English
Tim Callan | 10 Apr 2008 | 0 comments

SSL Blog readers will know that I believe the presence of the VeriSign Secured Seal causes site visitors to be more likely to complete transactions. The idea appeals to my reason. Extensive research indicates that consumers are afraid of online security and that they opt out of transactions in response. The VeriSign Secured Seal is widely recognized as an indicator of premium security on a site. Therefore it follows that site visitors will be less reluctant to proceed when the VeriSign Secured Seal is present.

It's also supported by anecdotal evidence. I can't count the number of people who have told me that they like to see the seal on a site before they put in confidential information. Nor the number of site owners who have told me that they believe their own customers expect to see the seal and reward them for including it.

However, in terms of hard measured results, I have only had a single...

Tim Callan | 26 Mar 2008 | 0 comments

There's a lot of discussion these days about EV SSL Certificates and how quickly they're penetrating the mainstream. In light of that discussion, it's interesting to note that over 100 credit unions have deployed Extended Validation SSL already.

Tim Callan | 15 Mar 2008 | 0 comments

Regular readers of The SSL Blog will know that I talk frequently about Extended Validation SSL and occasionally about code signing. Well, the CA/Browser Forum is interested in tackling EV code signing next. After all, there are plenty of benefits to definitively knowing who originated the code you're considering installing, just as one might want to definitively know who operates a Web site that one is viewing.

I may get into this subject more later (surely I will), but for the moment it will suffice to state that with the emergence of malware as an...

Tim Callan | 12 Mar 2008 | 0 comments

This one is just plain imaginary. Seriously. Imaginary.

I've seen it trotted out to make the case that EV SSL doesn't work, as in this example where the author seeks to defend Safari against PayPal's recommendation to its users not to use this browser.

The "source" is a research paper published in April 2007. The paper is quite real, and it studies users' understanding of interface conventions in Internet Explorer 6. Just by reading the paper's abstract you can see that the paper draws no conclusion about the EV interface conventions in IE7. It does indict other security...

Tim Callan | 06 Mar 2008 | 0 comments

As someone who focuses most of his work hours on SSL and related technologies, I read a lot of what is written on that subject in the press and the blogosphere and social media sites. I've grown used to a certain amount of misinformation floating around out there and typically view it as a hazard of the online medium.

It happens right now that the dialog around SSL is having a particular problem with information being misinterpreted or taken out of context, or occasionally appearing out of thin air. I'm going to dedicate a few postings to explaining what these misinterpretations are and shining a light on the associated facts.

Let's start with this article that appeared last week from Netcraft. This article discusses the cross-site scripting attack (XSS) and its presence on sites featuring...

Tim Callan | 02 Mar 2008 | 0 comments

You may know that Safari is the only major desktop browser for which there are no announced intentions to support Extended Validation SSL Certificates. I speak with a lot of people about EV SSL, including journalists, site operators, and end users. I have been asked on a number of occasions why Apple has not decided to take advantage of EV certificates to help protect its customer base against phishing and other forms on online identity fraud. My reply has always been a very simple, "Gee, you would have to ask Apple. They don't tell me any more than they tell you."

That said, I always believed in the long run that Apple's users would force the issue by demanding it from the company or abandoning Safari for Firefox, which of course has EV...

Tim Callan | 27 Feb 2008 | 0 comments

Since I've been criticized for linking to press releases, let's handle that problem by combining a bunch of them into a single posting. While I was away on vacation, a bunch of relevent activity took place. In particular a lot of customers announced their EV SSL deployments. Here are the ones I can put my finger on right now.

As I blogged earlier, the Girl Scouts have deployed Extended Validation SSL in time for cookie season.

Health insurance provider Kaiser...

Tim Callan | 25 Feb 2008 | 0 comments

A few weeks ago The SSL Blog mentioned that Microsoft was scheduled to push IE7 using Automatic Updates to the remaining systems that hadn't gotten the push yet. This push is important because more systems than ever will receive IE7. The segments that weren't pushed as heavily in the past were corporate systems, double-byte languages, and systems without piracy protection enabled, at a minimum. Now with more than 100 million IE7 users worldwide, the push to remaining systems went on schedule.

As Microsoft's Craig Spiezle puts it,

Advancements like the ability to spot the green address bar when visiting a site protected by EV SSL Certificates as well as uncompromising protection from the phishing filter, which blocks one million attempts to visit phishing sites each week, are...