[WEB SECURITY] EV SSL certificates

Mike Fratto mfratto at gmail.com
Fri Dec 22 14:50:24 EST 2006

<TUSHAR.VARTAK at 3i-infotech.com> wrote:
> As I understand it this would be helpful in the newest
> versions of the browsers like IE 7, the browser would show
> Phishing Site and legitimate site next to address bar. For
> some good time the old browsers would stay and I am not sure
> if this would really help.

EV Certificated don't really solve the phishing problem mainly because
phishing is a social problem, not a techincal one. It's that simple.
If I want to be optimistic and think the best of people behind EV,
then I have to say that the EV initiative is a valiant effort to try
to tell users that a site has been approved, but it doens't stop
phishing of people simply ignore the messages their browsers pop to
them about certificate problems. Those people will still ignore the

The Web Security Mailing List: 

The Web Security Mailing List Archives: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

More information about the websecurity mailing list