News

Eligibility Expands for IE Web Certificate

Smaller and newer businesses will now be able to get security certificates that trigger a green address bar in Microsoft browsers under new rules ratified this week.

• By The Associated Press
• June 14, 2007

Since they became available late last year, the so-called extended-validation certificates have generally been available only to larger companies -- those listed in public databases.

Security companies and browser manufacturers through the Certification Authority/Browser Forum have been hammering out procedures for general partnerships, unincorporated associations, sole proprietorships and individuals as well.

"There are some new steps introduced," said Markellos Diorinos, a product manager with Microsoft Corp. "They need face-to-face validation."

New guidelines call for smaller merchants to produce documents such as a driver's license or a bank statement, according to certificate issuer Comodo. A lawyer or a notary would have to review those documents.

The extended-validation, or EV, system is designed partly to address the rise of "phishing" scams in which Web sites try to mimic legitimate businesses to steal passwords and other sensitive data.

Although certificate issuers used to always check to make sure sites were really what they said they were, newer competitors have tried to cut costs by checking only that the site owns the domain name. Normal certificates may still be issued that way, but the EV ones are reserved only for merchants that pass more rigorous screening.

Microsoft's Internet Explorer 7 browser already recognizes EV certificates. Developers of the Firefox and Opera browsers are also planning similar features.

The appearance of the green bar in IE7 should tell visitors that the merchant does exist and operates at the location it says it does, though it doesn't validate its quality of service.