Extended Validation SSL/TLS Certificates

[Mike Wiseman <mike.wiseman () UTORONTO CA>]

Is anyone using or planning to use EV SSL/TLS server certs? We're
considering their use for targeted high-visibility services such as webmail
and central web sign-on with the thought of adding another layer of
protection against spear phishing. One of the things I don't like about them
is that they're too expensive to deploy to all current SSL/TLS internal
sites thus users may be confused by the two-tier protection: some sites
showing the green bar, most others showing a white bar in the browser
chrome. We hope to see whether users will take to the idea that some sites
have higher assurance than others.



Mike







Mike Wiseman

Computing and Networking Services

University of Toronto