Abdulhayoglu: Yellow Padlock Losing its Meaning as a Trust Indicator
IT News Online Staff 2009-07-02
According to Melih Abdulhayoglu, CEO of Comodo, the yellow padlock is losing its meaning as a trust indicator. Online businesses should establish more trust than simple domain validation can offer.
Abdulhayoglu stated that domain validation means the certificate authority has checked only to see if the certificate holder controls the domain and not whether the certificate holder is a legal entity.
On the Internet, SSL certificates are used as the basis for encrypted connections. Internet browsers display a yellow padlock if they detect that the transmission is encrypted, regardless of whether the site has a domain-validated or higher-assurance certificate.
Domain validation (DV) certificates omit the step of validating the legal existence of the applicant. Organizational validation (OV) certificates mean that the issuer has checked both the domain name and the legal existence of the applicant.
One reason the Certificate Authority/Browser (CA/B) Forum came up with the Extended Validation (EV) SSL certificate was to add further assurances to the information displayed in a certificate. These assurances are required by guidelines established by the CA/B Forum, of which Abdulhayoglu is a co-founder. When most browsers detect an EV SSL certificate, they display a green address bar for encrypted transmissions.
Sites with DV certificates display golden padlocks, which may lead a consumer to believe that a higher level of authentication was performed.
Because the type of validation a certificate may receive varies greatly both by certificate type and by certificate authority, the golden padlock can mean different things to different people.
Abdulhayoglu said global industry standards should be enacted to require certain minimum validation prior to showing the golden padlock. This way the padlock acts as a trust indicator of the merchant rather than a simple symbol of encryption.