|
Guidelines for Extended Validation Certificates Add Verified Identity to SSL.
The formal approval brings to the successful close more than two years of effort by over 25 companies and marks the dawn of a new era of identity on the Internet.
Version 1.0 of EV Certificate Guidelines ratified by leading certification authorities and vendors of Internet browser software.
Extended Validation SSL (EV SSL) Certificates build on the existing SSL certificate format, but provide an additional layer of protection in a strictly defined issuance process created to ensure that the certificate holder is who they claim to be. To ensure the integrity of the process, revocation measures are specified that allow for the quick and effective revocation of improperly issued or used certificates. All leading Internet browser vendors have stated their support for EV SSL, and either currently support or have announced plans to support the technology, which will allow the browser to display the verified identity of a website to a user.
On June 12th, 2007, the CA/Browser forum officially ratified the first version of the Extended Validation (EV) SSL Guidelines, which take effect immediately. The formal approval successfully brings to a close more than two years of effort, and provides the infrastructure for trusted website identity on the Internet.
Vendors of Internet browsers all voiced support and enthusiasm for the new EV SSL Guidelines.
"Determining the identity of the websites they visit has always been a challenge for internet users," said Markellos Diorinos, Security Product Manager for Internet Explorer at Microsoft. "With Extended Validation SSL Certificates, which allow Internet Explorer 7 to display verified identity information for websites, users are now able to make better trust decisions online."
"Mozilla is excited to see the new Extended Validation Guidelines that have resulted from collaboration between Certificate Authorities," said Window Snyder, Chief Security Officer for the makers of the Firefox web browser. "EV SSL will make it easier for Firefox to tell users who is behind the website they're seeing, which is an important factor in making trust decisions."
"We welcome this move to create common guidelines for implementation of Extended Validation Certificates," said Christen Krogh, President of Engineering for Opera Software ASA. "We have always placed user security as our first priority and these certificates will improve digital identity assurance for users of compliant browsers."
"The KDE project is thrilled to take part in this initiative," said Sebastien Kugler of the KDE Project. "It's a great opportunity to make the Internet more secure and a friendlier place, something that is fully in line with the goals of KDE. We look forward to implementing Extended Validation SSL Certificates in our web browsing component."
Extended Validation Guidelines
The issuance process of EV Certificates is strictly defined in the EV Guidelines, that specify all the steps required for a Certification Authority (CA) before issuing a certificate, and includes:
- Verifying the legal, physical and operational existence of the entity
- Verifying that the identity of the entity matches official records
- Verifying that the entity has exclusive right to use the domain specified in the EV Certificate
- Verifying that the entity has properly authorized the issuance of the EV Certificate
The CA/Browser forum (http://www.cabforum.org) is a voluntary organization of leading Certificate Authorities and vendors of Internet browser software.
In addition to the above entities, members of the Information Security Committee of the American Bar Association Section of Science & Technology Law and the Canadian Institute of Chartered Accountants have
participated in developing the standards for Extended Validation SSL certificate procedures and standards.
CA/Browser Forum members shall meet at least one of the following criteria.
- Issuing CA:- The member organization operates a certification authority that has a current and successful WebTrust for CAs audit, or ETSI 102042 or ETSI 101456 audit report prepared by a properly-qualified auditor, and that actively issues certificates to Web servers that are openly accessible from the Internet using any one of the mainstream browsers.
- Root CA:- The member organization operates a certification authority that has a current and successful WebTrust for CAs, or ETSI 102042 or ETSI 101456 audit report prepared by a properly-qualified auditor, and that actively issues certificates to subordinate CAs that, in turn, actively issue certificates to Web servers that are openly accessible from the Internet using any one of the mainstream browsers.
- Browser:- The member organization produces a software product intended for use by the general public for browsing the Web securely.
Заказ сертификата
|
EV Certificates are available for all types of businesses, including government entities and both incorporated and unincorporated businesses. A second set of guidelines, the EV Audit Guidelines, specify the criteria under which a CA needs to be successfully audited before issuing EV Certificates. The audits are repeated yearly to ensure the integrity of the issuance process.
The participating Internet Browser Vendors are: KDE, Microsoft Corporation, Mozilla Foundation, Opera Software ASA
The participating Certificate Authorities are (01.2008):
A-Trust Gmbh
Trustwave
Certum
Comodo CA Ltd
Cybertrust
DigiCert, Inc.
DigiNotar
Echoworx Corporation
Entrust, Inc.
GeoTrust, Inc.
GlobalSign
GoDaddy.com, Inc.
IdenTrust, Inc.
ipsCA, IPS Certification Authority s.l.
|
Izenpe S.A.
Network Solutions, LLC
QuoVadis Ltd.
RSA Security, Inc.
SECOM Trust Systems CO., Ltd.
Starfield Technologies, Inc.
Swisscom Digital Certificate Service
SwissSign AG
TDC Certification Authority
Thawte, Inc.
Trustis Limited
VeriSign, Inc.
Wells Fargo Bank, N.A.
|
Extended Validation (EV) SSL Certificates will serve the following purposes:
Enable Secure Connections.
Like "standard" SSL certificates, which rely on authentication of requesting organization's identity
and/or domain control, EV SSL certificates enable secure encrypted communication between a Web site and a
site visitor's browser by facilitating the exchange of encryption keys
Establish Online Businesses Identity.
EV SSL Certificates establish online businesses identity by confirming the certificate holder's legal and physical existence.
Help Prevent Fraud.
By providing reliable third-party verified identity and address information regarding the owner of a Web site, EV Certificates may help to:
- Make it more difficult to mount phishing schemes and other online identity fraud attacks using SSL certificates;
- Assist companies that may be the target of phishing attacks or online identity fraud by providing them with a tool to better identify themselves and their legitimate Web sites to users;
- Assist law enforcement in investigations of phishing and other online identity fraud, including where appropriate, contacting, investigating, or taking legal action against the perpetrator.
Документация
Мы обеспечиваем для украинских потребителей:
- Возможность приобретения любых продуктов безопасности
- Техподдержку на украинском и русском языке
- Стоимость равную стоимости продукта у производителя
- Прием оплаты за сертификаты на территории Украины
- Выдачу необходимой бухгалтеской документации
- Прием оплаты в гривнах, рублях и валюте
- Прием документации на украинском и русском языке
- Прием документации на территории Украины
- Экспертизу представленной документации
- Верификацию украинских компаний
- Подготовку документации для Сертификационного центра
- Отправку документации в Сертификационный центр
- Наши менеджеры окажут полное сопровождение Вашим
специалистам на всех этапах выбора, заказа, тестирования,
оплаты, получения и установки продукта
|
The Extended Validation (EV) SSL Certificate standard is intended to provide an improved level of authentication of entities that request digital certificates for securing transactions on their Web sites. The next generation of Internet browsers will display EV SSL-secured Web sites in a way that allows visitors to instantly ascertain that a given site is indeed secure and can be trusted. A new vetting format, which all issuing Certification Authorities (CAs) must comply with, ensures a uniform standard for certificate issuance. This means that all CAs must adhere to the same high security standards when processing certificate requests. Consequently, visitors to EV SSL-secured Web sites can trust that the organization that operates the site has undergone and passed the rigorous EV SSL authentication process as defined by the CA/Browser Forum. Internet users thus will be able to trust that particular Web sites are what they claim to be, rather than fraudulent mirror sites operated by perpetrators of phishing schemes.
Allowing Internet users to instantly distinguish EV SSL-secured Web sites, new versions of the Internet's leading browsers will display EV SSL certificates differently than the standard "padlock" method used for existing types of SSL certificates. See below for examples of how the Internet Explorer 7 and Opera 8 browsers will be displaying EV SSL Certificates.
EV SSL Certificate Guidelines Version 1.1
+38.0382765511
