Iíve been arguing with the CA/trust forum for 6 months now dealing with EV-SSL and its impact (with little support I might say) and now thanks to todayís Wall Street Journal article I received my first support call on the issue. I thought it might be a good idea to start a thread here discussing the issues.
First for those who donít know, EV-SSL is SSL ďpart deuxĒ which includes an identity component, which is the good part of this. But how itís implemented will cause some issues. IE v7 contains as a feature on the address bar a color shading system to help end users know that a site is safe GREEN=SAFE, RED=PHISH/BAD, YELLOW- I donít know what that means but the end users will identify it as not safe, and finally White meaning no judgment but the end users will identify it as not safe.
What Iím driving at is within a few years, end users will Identify GREEN as the only SAFE place to use a Credit Card. Especially when Microsoft & VISA start their multimillion dollar ad campaign flaunting the GREEN IS GOOD feature.
The current problem is the only way to get an EV-SSL certificate is to have your Corporation identity confirmed and pay the current Verisign $2500 annual certificate fee. Hopefully the fee will drop with competition. Corporation is the key here, if youíre a small business, sole proprietor, individual; no EV-SSL for you and as such no Green address bar and no sales. Though this might be good for us web-hosts ;-)
Forget sharing a wildcard EV-SSL either or linking to a site page with one, that will immediately get you a RED warning on IEís address bar.
Any Ideas or comments, short of ďUse FirefoxĒ, on this issue? I just added a link to do-it-yourself incorporations on my site ;-)
I'm taking a wait-and-see attitude. I don't expect it to amount to much. Remember P3P from a few years ago? Some large corporations spent a LOT of money putting policies in place and it went nowhere. I suspect this will be similar as there are far too many mom-n-pops who don't participate so long as the pricing stays prohibitively high.
The current problem is the only way to get an EV-SSL certificate is to have your Corporation identity confirmed and pay the current Verisign $2500 annual certificate fee. Hopefully the fee will drop with competition.
I'm not going to get into a debate if EV is good or bad but: