« Microsoft HomeServer and the new computing | Main | Waste heat »

Extended Validation Response

I recorded this podcast on Extended Validation shortly after the Computer World article mentioned came out. But it took me a while to get the editing software to run on Vista and then the day after I finished it YouTube did a redesign which made me want to redo it to take advantage of the new features. Here it is at last:

There is more information on the Web site for my book The dotCrime Manifesto: How to Stop Internet Crime

Posted by Phillip Hallam-Baker on January 23, 2008 5:09 PM

Comments

PayPal (https://www.paypal.com/) has an EV certificate so IE7 displays a green address bar.

However, lots of the content on the PayPal front page comes from a different web site: https://www.paypalobjects.com/. That site uses a non-EV certificate.

So should the browser really show a green address bar?

If you mix https and http content you get the "insecure" display (white address bar, no padlock).
If you mix EV and non-EV https shouldn't the browser indicate the weakest? That is, display a padlock, but not the green background.

Posted by: James Manger | March 2, 2008 9:57 PM

Post a comment

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)

Search


Categories

Accountable Web | Cryptography | Ideology | OpenID | Security Technology | Security by Slogan | Usability |

Archives

September 2008
August 2008
July 2008
June 2008
May 2008
April 2008
March 2008
February 2008
January 2008
December 2007
November 2007
September 2007
May 2007
April 2007
February 2007
January 2007
December 2006
November 2006
October 2006
September 2006
August 2006

Recent Posts

Failure of the imagination..
Gadget crazy
Obsessed with power
BGP Security, a fragile foundation?
How security configurations go bad
Nick Szabo on Coase's theorem
The CyberSecurity Connection
Passwords, solved!
Massive botnet recruitment ahead of Georgia crisis
A clash of cultures

Comments

We encourage comments and look forward to hearing from you. Please note that VeriSign may, in our sole discretion, remove comments if they are off topic or inappropriate.
Powered by
Movable Type 4.21-en
Disclaimer: Opinions expressed here and in any corresponding comments are the personal opinions of the original authors, not of VeriSign.

VeriSign Legal Notices

Read our Privacy Policy