Saturday, 1 March 2008

On the worth of EV SSL

Source: The Register

The Register has a brief but useful analysis of Extended Verification SSL and its efficacy as an anti-phishing mechanism. Problems with the technology include user ignorance (in relation to the convention of turning the address bar green when verified by EV SSL), and the vulnerability of such verified sites to compromise of various sorts (which EV SSL can not prevent, and which is made more serious by the presence of the trust seal).

No comments: