22. April 2011

First, let me amend a comment I made in my last post, How is SSL hopelessly broken. I said that browsers need to alert users about which type of SSL certificate a web site is using. Actually, browsers do alert you when an Extended Validation (EV) certificate is being used, by turning all or a portion of the displayed URL green. Here are PayPal examples using Firefox and Internet Explorer (via Netcraft):

However, the rest of my recommendation stands because browsers do not provide any positive indicator of Organization Validated (OV) or Domain Validated (DV) certificates. I recommend yellow for DV and OV certs, indicating caution.

Second, Netcraft just published a survey showing that EV Certs represent only 2.3% of all sites tested. Of the 1,000 highest traffic sites, 81 accepted HTTPS and “nearly a third of these certificates used Extended Validation.”

The good news is that the use of EV certs is growing: