Verisign and Comodo formally EV enabled
By Yngve Nysæter Pettersen. Friday, 12. September 2008, 13:26:14
Today, Verisign (including Thawte and Geotrust), and Comodo were formally EV-enabled in Opera v9.50 and later.
There are no practical effects for Comodo, as their certificate has been provisionally enabled for a few months as part of EV testing. Verisign's Thawte and Geotrust certificates, which were not part of the testing, are EV-enabled as of today.
TestURLs:
As usual, the EV certified Web sites signed by the newly EV-enabled Roots will not show the EV indicator until after the weekly automatic update (on start), or a manual Help->Check Updates (with a restart possibly needed afterwards).
We have several more CAs in the EV pipeline that are expected to be ready within a couple of weeks. Stay tuned.
There are no practical effects for Comodo, as their certificate has been provisionally enabled for a few months as part of EV testing. Verisign's Thawte and Geotrust certificates, which were not part of the testing, are EV-enabled as of today.
TestURLs:
- Comodo:
https://comodocertificationauthority-ev.comodoca.com/
https://www.sslcertificaten.nl/
https://secure.comodo.com/example.html
- Geotrust: https://www.geotrust.com
- Thawte: https://www.thawte.com
-
Verisign:
https://www.dnbnor.no/
https://nettbank.sparebank1.no/
As usual, the EV certified Web sites signed by the newly EV-enabled Roots will not show the EV indicator until after the weekly automatic update (on start), or a manual Help->Check Updates (with a restart possibly needed afterwards).
We have several more CAs in the EV pipeline that are expected to be ready within a couple of weeks. Stay tuned.
WIDGETIZE
PeaceDestroyer # 12. September 2008, 21:37
Thanks to the folks at Opera for being worry for their customers' safety, these two certificate vendors are well-known on the scene; Also thanks to them for this.
kamalesh # 13. September 2008, 20:09
Isoik # 9. October 2008, 20:41
The useless green bar doesn't mean anything more than a yellow one.
Is it supposed to be "safer"? I say no to that, regular SSL certificates were safe enough as they were. Did you ever see SSL connection getting hacked through easily? Well, I didn't either.
The green bar just separates rich businesses from the small ones and have this mentality: if you got money you can be trusted.
"We are a rich business so you can give us your full trust". When people see the yellow bar they know their information is entered over a secure connection while the green bar seems to exist to make people believe that there is nothing to worry about, "Ooh, a green bar, what's the difference between a yellow one?" (Assuming the person knows that the yellow one got something to do with encryption) "It probably means these guys are angels and I can give them any personal information they want and means their products are much better than others. Why else would there be a yellow AND green one!".
No, no, the big ones are the ones you should be careful with!
It's not about secure connections and encrypted data anymore, it's just a big scam to sell overpriced certificates...
Believe me, there will be a time when the green bar won't be sufficient anymore. Probably a pink one will be used for MUCH costlier certificates or a green full screen window with font size 20pt saying: THIS SITE IS TRUSTED!!!! POWERED BY COMODO/VERISIGN (or whatever)
Maybe the last part was a little exaggerated but it wouldn't surpise me.
yngve # 9. October 2008, 22:45
And BTW: SSL/TLS is not just about encryption, to be precise it is about integrity(you get exactly what was sent) , confidentialty (encryption) and authentication(who you are talking to).
EV is mostly about authentication/identity, not encryption (though the encryption rules for EV are stricter, and will become even stricter in 2011), and knowing that you are really talking to the company you think you are talking to (whether or not you trust that company is a different question, but with an EV certificate you should be able to physically find the site owner). To be able to tell you all that, the CA have to not just go through a lot of expensive checking (including examination of physical papers), they have to go through a yearly audit of the process that lasts many weeks, which is also expensive.