Verisign Inc. has brought a new technology, used to identify trusted Web sites, to the Firefox browser.
The Internet services vendor has released a Firefox plugin that will show the same type of green address bar that is displayed by Internet Explorer 7 when it lands on certain highly trusted Web sites that use Extended Validation Secure Sockets Layer (EV SSL) certificates.
Companies such as Verisign, Entrust Inc., and Network Solutions LLC have been issuing these certificates since late 2006, but browser makers have been slower to adopt them. They were adopted by Internet Explorer 7 in late January, and Firefox is expected to support the certificates in Firefox 3.0, expected late this year.
The EV SSL certificates are essentially an antiphishing technology, designed to give Web surfers extra information and visual clues when they are visiting secure Web sites, whose URLs (uniform resource locators) begin with "https://."
It's harder for a business to obtain an EV SSL certificate than it is to acquire the ubiquitous SSL certificates currently used by most secure Web sites.
Before companies like Verisign will issue an EV SSL certificate, they take extra steps to make sure that it is going to a legitimate organization. For example, they will make sure that the business in question is registered with local authorities, has a real address and actually has control over the Web domain in question.
Verisign's Tim Callan says that more than 500 Web sites, including sites run by eBay Inc.'s PayPal division and ING Groep NV, have now completed EV SSL certification. Nearly 90 percent of them are certified by Verisign, said Callan, a director of product marketing with the company's SSL group.
That's an important point because Verisign's Firefox plugin doesn't identify sites that are certified by its competitors. Callan said it would have been too much work to maintain a list of legitimate EV SSL providers. "At that point we're creating a whole new simultaneous real-time checking system," he said. "We were willing to invest in this one-off code development, but we didn't want to inherit this legacy of constantly maintaining this service, especially since this is a stop-gap measure. At the end of the year this will be built into Firefox proper."
Because of this limitation, Verisign isn't recommending that nontechnical users download the plugin. It's for "technology early adopters and the people who really want to be on the state-of-the-art," Callan said. "For somebody who recognizes the limitations of it and is still asking for it, this is a good solution."