My Opera is closing 1st of March

Implementer's notes

What might get caught in the gears under the hood?

Extended Validation v1.0 approved

, , , , , , , , , , ,

As I posted earlier on Opera Labs, work has been under way to create an improved process, Extended Validation (EV), for issuing web site certificates that can give a higher degree of assurance to the user that the SSL/TLS website in question really is who it claims it is, and how to tell the browsers that this process has been used.

Last week, after two years of work, the members of the CA/Browser Forum, a group consisting of many Certificate issuers (for example, Verisign, Comodo, and Entrust) and browser vendors (KDE, Microsoft, Mozilla, Opera), voted to approve Version 1.0 of the Extended Validation Guidelines.

These guidelines describe which steps a CA issuer must (at least) take in order to validate that the information given is correct, such as confirming the legal existence of a business or government agency, ownership of a domain, authorization to request a certificate, etc. Compliance with the guidelines is verified by regular independent audits.

This version of the guidelines also address certain concerns about what kind of businesses are eligible to get EV certificates.

When the certificate is issued, and installed on the server, a browser supporting EV will not just verify the signature on the certificate, it will also:

  • Verify that the certificate is still valid, and has not been revoked because of some problem [link to revocation article],
  • Check for the presence of one of the CA's EV policy indicators (EV-OIDs) in the
    certificate.


If all of this is OK, then the browser will display a visible indicator to the user that the certificate for the site has been issued in accordance with the guidelines. The indicator agreed upon by the browser vendors is a green security toolbar beside the address field, perhaps with a couple of other embellishments.

EV certificates have been issued for a few months based on a preliminary version of the guidelines, and have been recognized by IE7.

No public version of Opera currently supports EV, although we built a demo version with rudimentary EV support last year. Work is going on to produce a full version that supports EV, and we are planning to include support in "Kestrel".

Work in the CA/B Forum is by no means at an end, there are a number of other areas that need similar functionality as that provided by EV to SSL/TLS, as well as possible improvements of the current guidelines.

Stay tuned.

1020 bit special number factored(51)2-bit banks

Comments

Josjosjoslyn Thursday, August 2, 2007 10:43:36 AM

Hi ..... EV is all well and good, but there is still the issue of the "Opera Browser" being rejected as a "secure browser" when visiting the vast majority of sites:-

1. Banks(UK & US) - not sure with regard to other countries
2. On-Line Shopping - to my knowledge(experience) 100% - okay, 100% is limited to the sites I have visited, so no where near comprehensive, but still even if there are sites out there, Operas' acceptance as a secure browser is not global. Which really frustrates me, when "they" want you to use IE(security is a joke on that tool!!) ... So I use Firefox for all my "https" visits.

I love using Opera on my desktop, although some of the "button" placements on some sites are still "skewed" and overlap content. The security is great, and good to see Opera still attaching the highest value to this, the most important aspect of the "web browser". BUT, it still fails to be accepted as a viable option to secure web-site usage. Until that has been resolved, and Opera is regarded as "globally mainstream" by corporates, the Opera Browser will remain where it currently resides ...... which a crying shame

Jos Joslyn

deborahwebb Tuesday, February 12, 2008 12:03:32 PM

Thanks for sharing some information on the new validator with us. I'm already testing its possibilities and I must admitt that I'm quite pleased with is so far. I'll let you know if anything unusual happens.
February 2014
S M T W T F S
January 2014March 2014
1
2 3 4 5 6 7 8
9 10 11 12 13 14 15
16 17 18 19 20 21 22
23 24 25 26 27 28