DigiCert QuoVadis

News and Events

QuoVadis Launches Extended Validation Certificates
13 Mar 2007

Bermuda internet security provider QuoVadis is on the frontline of efforts to reduce the impact of Internet crime.  For more than a year, QuoVadis has worked with Microsoft and other leading software providers to define new Extended Validation standards for website security, just launched in the Internet Explorer 7 web browser.

Extended Validation (or EV) certificates are a direct response to users’ concern over scam websites that are used to steal personal and financial data.  Indeed, authorities have identified at least 17 scam websites in recent years that claim to be based in Bermuda, relying on familiar website designs and the relative anonymity of the Internet to fool users.

EV certificates counter this crime trend by using certification authorities like QuoVadis to conduct rigorous background checks on the website operator to validate their identity and legitimacy.  The new generation of web browsers will highlight the verified EV identity details so that consumers may easily confirm they are visiting their intended website, and not a fraudulent version. 

“In the past, the quality of website certificates varied from one provider to the next.  For the first time, EV will provide a uniform vetting standard for all certification authorities, no matter where they or the protected company website are located” said Stephen Davidson, director of development for QuoVadis.

“QuoVadis is proud to be amongst the first issuers in the world to meet the stringent security requirements to provide EV, and the new certificates are garnering great interest from the Bermuda-based insurers as well as our international operations in Europe,” he added.

Boxoffice.bm, the popular Bermuda online ticketing website, is amongst the first sites in the world to deploy EV certificates joining industry giants like eBay, Charles Schwab, and Travelocity.

“The Boxoffice.bm website sells thousands of tickets for hundreds of different local events each year, ranging from movies to concerts.  While buyers want the convenience and speed of online purchasing, they also demand comfort that they are dealing with a legitimate vendor.  We believe that EV will become an important security feature for e-commerce websites” according to Steve Watts, director of Boxoffice.bm.

Extended Validation (or EV) SSL Facts

EV SSL Certificates were created in response to the growth of Internet fraud which erodes user confidence in online transactions.  Before users share their valuable or confidential data online, they want proof from a trusted source that a website is authentic. 

1.         What is an Extended Validation (EV) SSL Certificate? 
SSL certificates are used to provide encryption and to identify the operators of a website, triggering the familiar “yellow padlock” in browsers.  However, in recent years some SSL providers have introduced “no validation” certificates, creating confusion amongst end users regarding the reliability of SSL as a trust indicator. 

The new EV SSL standard seeks to increase user confidence by introducing:

  • Improved verification of the identity and authority of website operators
  • Consistent implementation across SSL providers, backed up by independent WebTrust audit
  • Enhanced displays in high-security browsers

Users will see several changes from the traditional SSL presentation when using an EV-ready web browser.  When visiting an EV-protected website using IE7, in addition to the SSL padlock, the browser address bar will turn green while a security report toggles between the identity of the site and the name of the certificate authority that conducted the EV vetting. 

The enhanced EV display confirms that website operator’s identity and authority has been verified, allowing users to easily assess the accountability and trustworthiness of the site.  Moreover, when IE7 encounters a self-signed or non-trusted certificate or a suspected phishing site, the address bar turns red.

2.         What is the CA/Browser Forum? 
The CA/Browser Forum is a group of SSL providers, web browsers, and other industry participants (such as legal and audit practitioners) that came together to look at ways to increase the reliability of SSL as a protection against phishing and other Internet attacks.  All certification authorities wishing to issue EV certificates must pass a special annual audit of their capabilities to reliably operate a public key infrastructure and to enforce the EV Guidelines.  QuoVadis is a member of the CA/Browser Forum and contributed to the creation of the EV Guidelines.  

3.         Which browsers will support QuoVadis EV Certificates? 
Microsoft Internet Explorer, the leading web browser, is the first software to support EV Certificates.  The active push of IE7 over Windows Update is leading to rapid adoption of EV-ready browsers.  In addition, other major browsers (including Mozilla, Opera, and Safari) are expected to support EV in 2007.

EV certificates are backwards compatible with older browsers, and EV-ready browsers will continue to recognize non-EV certificates. 

References:
CA/Browser Forum:  http://www.cabforum.org/