Video Screencast Help
Website Security Solutions
Showing posts tagged with Browsers
Showing posts in English
Tim Callan | 07 May 2008 | 0 comments

Mozilla Corporation member Deb Richardson gives us this thorough tour of the new trust indicators in Firefox 3. Apparently Firefox will have a five-tiered color scheme, which goes (in decreasing order of trust):

Green - EV SSL Certificate. Complete idenity known, both domain and organization.
Blue - SSL Certificate. Partial identity know. Domain only.
Gray - no information.
Yellow - invalid certificate. Deb's example includes a self-signed certificate.
Red - phishing site.

The careful observer will notice that this scheme is very similar to (though not identical to) IE7's four-tier system of green, "clear" (white), yellow, and red. The...

Tim Callan | 21 Feb 2008 | 0 comments

First big development. Firefox 3 in out in beta 3. And it has Extended Validation support.

Like Internet Explorer 7, Firefox 3 includes a green-colored bar at the top of the chrome that displays when accessing a site with an EV SSL Certificate. This green bar sits adjacent to the URL and contains the name of the organization and the country. There certainly are some cosmetic differences, like the fact that the organization name is to the left of the domain address in Firefox and to the right in IE7. In the grand scheme of things I don't view these differences as important.

As Firefox moves into release, you can expect me to track milestones and adoption for this browser, just as I have for IE7 and will for any other significant browser that comes out with EV...

Tim Callan | 14 Jan 2008 | 0 comments

Worldwide market share for Internet Explorer 7 just surpassed 40%. And as we've watched the IE7 adoption curve, we've seen that actual traffic to online businesses has a stronger mix of new-generation browsers than the worldwide market share shows. Which means any typical site should expect well in excess of two in five site visitors to be on IE7 (and therefore enabled for EV SSL).

Tim Callan | 26 Dec 2007 | 0 comments

Okay, I got back from my vacation and installed Firefox Beta 2 today. Contrary to early reports, it does not appear to have any support for EV SSL included. I'll continue to look into it and let you know if my initial ten-minute squint at the product is wrong, but for now I think we need to await Beta 3.

Tim Callan | 21 Dec 2007 | 0 comments

Firefox 3 beta release 2 is available, and it has support for Extended Validation SSL. As covered earier by the SSL Blog, Firefox has some other SSL improvements built in as well. I just downloaded and haven't installed it yet. I'll get it running and let you know what I see.

Tim Callan | 17 Aug 2007 | 0 comments

I never got around to blogging this post, but it deserves mention. Apologies for that. Been a little busy.

You may know there's an idea to create a new TLD called .bank. The idea is that it would only be available to banks, making phishing more difficult. In my opinion it's a miniscule incremental improvement (among other problems, major banks aren't going to stop doing business on their old TLDs for many years, if ever, and consumers aren't going to stop trusting these TLDs for the same amount of time). eWeek editor Larry Seltzer rightly points out that if you're going to put indications of trustworthiness into the browser, a nice green bar and an EV SSL Certificate are probably the way to go.

Tim Callan | 01 Aug 2007 | 0 comments

I've mentioned in the past that Firefox is moving forward on incorporating support for EV SSL into its next release. Firefox security interface designer Johnathan Nightingale has written a decent amount about his ideas for the Firefox 3 security interface, of which EV is an important piece. You can wander around his blog (as linked above) and find many things to read about usability and interface design. I'll point out a few of them here.

Johnathan's slide deck for his recent presentation at the OSCON open source summit.


Tim Callan | 15 May 2007 | 0 comments

Now you can view green address bars in Firefox the same way you do in Internet Explorer 7. This Firefox EV add-on enables the browser to detect Extended Validation SSL Certificates from VeriSign.

Tim Callan | 10 Nov 2006 | 0 comments

Opera developer Yngve Pettersen has posted a nice writeup of Extended Validation SSL and why it is beneficial to the online community. Yngve ends his missive with the promise of an upcoming Opera release that supports EV. He writes,

Opera has not yet implemented complete support for what is needed for Extended Validation, but work is underway:

Opera has supported OCSP verification of certificates since version 8.0, but CRL support is not yet implemented.

Some of the necessary functionality have been tested in an internal demo version..., based on a weekly release from March 2006.

There is a lot more that needs to be implemented before we can release a version with support for EV, but we will do so When It's Ready.

Tim Callan | 26 Oct 2006 | 0 comments

At RSA Europe I conducted an interview with The Register on the subject of Extended Validation SSL Certificates, and as a consequence a lot of people are mad at me. I would like to explain the circumstances under which this discussion took place and what I meant by the statement. And I'd like to make it clear that I regret the statement.