Saturday, May 15, 2021

Did EV-SSL Make Browsing More Secure?

Two years after it launched Extended Validation SSL (EV-SSL), more than 11,300 valid certificates have been sold, with around 8,000 of them sold by VeriSign, developer of the certificates.

Of course, considering that VeriSign has over one million standard SSL certificates total,
EV-SSL still has a ways to go until it is dominant.

SSL (define) certificates are used across the Web to secure transactions and information transit across the Internet. Yet a basic SSL certificate on its own doesn’t necessarily verify the identity or authenticity of a Web site, which is why VeriSign introduced EV-SSL certificates two years ago.

VeriSign claims that the technology is growing rapidly.

“We’re quite pleased with not only the overall number of certificates
deployed but also the level of deployment by leading sites such as Bank of
America, eBay, and Charles Schwab,” Tim Callan, vice president of product
marketing at VeriSign, told InternetNews.com . “We’re also very
pleased that all popular browsers recognize EV certificates today, with over
70 percent of Internet users on EV-aware browsers.”

An EV-SSL certificate involves a validation to ensure that the domain
owner and site is legitimate. Part of the process involves getting a lawyer
or other authorized organization or individual to vouch for an EV-SSL
certificate claim.

Not so easy

Warren Adelman, president and chief operating officer of EV-SSL vendor
GoDaddy, explained to InternetNews.com that EV-SSL certificates are
more expensive, more complex and more time consuming to obtain than regular
SSL certificates.

“There are a couple of challenges with Extended Validation and one of the
challenges is price,” Adelman said. “These are fairly expensive certificate
types, the price is driven by what is a fairly complex set of data gathering
that takes place as part of the extended validation requirement and that
creates a barrier.”

At GoDaddy, for example, the most basic type of SSL certificate is sold for
$29, while EV-SSL is available for $499. Browser vendors, including Mozilla,
Microsoft, Google (NASDAQ: GOOG) and Apple (NASDAQ: AAPL) all have a form of indicator to notify a user that they are on an EV-SSL protected site.

On Mozilla Firefox, for example, regular SSL encrypted sites are typically identified with just a padlock icon, while the icon for an EV-SSL site lights up in green.

Not all users are aware of EV-SSL, and that’s an area where Adelman argues
that further education is still required. It’s something that VeriSign
agrees with, though VeriSign’s Callan argued that there is real value that
businesses have seen from EV, as opposed to just normal SSL.

“EV’s challenges for adoption are very typical to other new successful
technologies. It is largely an exercise of increasing awareness and showing
measurable returns from the technology,” Callan said. “Furthermore, VeriSign
has published over 20 case studies from around the world showing measured
uplift ranging from five to 87 percent as a result of EV.”

While EV-SSL represents a degree of authenticity that is greater than
regular SSL alone, neither GoDaddy nor VeriSign expect regular SSL to go
away anytime soon. Though SSL is used to secure consumer facing sites that
could benefit from EV-SSL, GoDaddy’s Adelman noted that SSL is also used
internally in organizations where the extended validation is not needed.

Both GoDaddy and VeriSign are also seeing a migration from existing SSL
customers to EV-SSL.

“Most of our EV deployments have been from traditional VeriSign
customers,” VeriSign’s Callan said. “That makes perfect sense when you
consider that the VeriSign Secured Seal is a highly recognized security mark
that has been demonstrated to increase consumer confidence on sites and
drive additional transactions. EV purchasers seek the very same effect, and
therefore we’re not surprised to see our seal adopters in favor of EV SSL.”

This article was first published on InternetNews.com.

Similar articles

Latest Articles

How IBM has Changed...

Think is IBM’s big annual conference, and again this year, it was digital. I’m noticing a sharp quality difference in shows like this where...

Database-Tuning Platform Launches and...

PITTSBURGH — A team out of Carnegie Mellon University is launching its automatic database-tuning product today with the help of $2.5 million in funding.   OtterTune,...

Top 10 Professional Services...

Professional services automation (PSA) software aims to offer service-based companies most of the software they will need to run their businesses in one package....

What is Data Aggregation?

Data aggregation is the process where raw data is gathered and presented in a summarized format for statistical analysis. The data may be gathered...