Eligibility Expands for IE Web Certificate
Smaller and newer businesses will now be able to get security certificates that trigger a green address bar in Microsoft browsers under new rules ratified this week.
Smaller and newer businesses will now be able to get security certificates
that trigger a green address bar in Microsoft browsers under new rules ratified
Since they became
available late last year, the so-called extended-validation certificates
have generally been available only to larger companies -- those listed in public
Security companies and browser manufacturers through the Certification Authority/Browser
Forum have been hammering out procedures for general partnerships, unincorporated
associations, sole proprietorships and individuals as well.
"There are some new steps introduced," said Markellos Diorinos, a
product manager with Microsoft Corp. "They need face-to-face validation."
New guidelines call for smaller merchants to produce documents such as a driver's
license or a bank statement, according to certificate issuer Comodo. A lawyer
or a notary would have to review those documents.
The extended-validation, or EV, system is designed partly to address the rise
of "phishing" scams in which Web sites try to mimic legitimate businesses
to steal passwords and other sensitive data.
Although certificate issuers used to always check to make sure sites were really
what they said they were, newer competitors have tried to cut costs by checking
only that the site owns the domain name. Normal certificates may still be issued
that way, but the EV ones are reserved only for merchants that pass more rigorous
Microsoft's Internet Explorer 7 browser already recognizes EV certificates.
Developers of the Firefox and Opera browsers are also planning similar features.
The appearance of the green bar in IE7 should tell visitors that the merchant
does exist and operates at the location it says it does, though it doesn't validate
its quality of service.