[WEB SECURITY] EV SSL certificates

Mike Fratto mfratto at gmail.com
Fri Dec 22 14:50:24 EST 2006


On 12/22/06, TUSHAR VARTAK      /ISG/INFOTECH/BKC
<TUSHAR.VARTAK at 3i-infotech.com> wrote:
> As I understand it this would be helpful in the newest
> versions of the browsers like IE 7, the browser would show
> Phishing Site and legitimate site next to address bar. For
> some good time the old browsers would stay and I am not sure
> if this would really help.

EV Certificated don't really solve the phishing problem mainly because
phishing is a social problem, not a techincal one. It's that simple.
If I want to be optimistic and think the best of people behind EV,
then I have to say that the EV initiative is a valiant effort to try
to tell users that a site has been approved, but it doens't stop
phishing of people simply ignore the messages their browsers pop to
them about certificate problems. Those people will still ignore the
pop-ups.

----------------------------------------------------------------------------
The Web Security Mailing List: 
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]



More information about the websecurity mailing list