5.3. Extended Validation

Internet Explorer 7 introduced support for 'Extended Validation' (EV) certificates. When accessing a web site that has one of these certificates from Internet Explorer the address bar turns green and a label appears that alternates between the name of the website owner, and the CA that issued their certificate. It is expected that other browsers will add similar support for these certificates in due course. In the meantime, EV certificates behave like any other certificate in other browsers.

The intension behing EV certificates is that browsers will only trust them if they are issued by 'trustworthy' CAs who have been through strict audit processes and who have robust process in place to correctly verify the identity of the people and organisations to which they are issueing certificates. This is to some extent an attempt to address the problem that browsers otherwise treat all certificates the same providing they are signed by a key coresponding to one of the trusted CA root certificates in the browser's store. Unfortunatly it is also the case that at present only a small number of the larger CAs are recognised as being able to issue EV certificates and, unsuprisingly, they all charge a significate premuim for such certificates. Since the right to issue EV certificates is vested in a trade organisation consisting mainly of these larger CAs it is unlikely that this will change anytime soon.