Do You Need EV-SSL? [VIDEO]
The CEO of Comodo, a key contributor to the EV-SSL standard, explains why extended validation SSL matters but why you might not always actually need it.
In May of 2005, Melih Abdulhayoglu, CEO and founder of Comodo, helped coordinate the first meeting to discuss Extended Validation (EV) SSL certificates. EV-SSL certificates offer the promise of increased rigor and authenticity for SSL, to help improve the security of the Internet.
SSL certificates are used throughout the Internet to help protect data in transport. There are different types of SSL certificates, with EV-SSL certificates offering some of the highest assurance levels possible to help guarantee integrity and authenticity.
Abdulhayoglu noted that one of the reasons for the creation of EV-SSL in the first place was to help put standards in place for SSL certificate issuance, an idea that caught on quickly.
"Within 18 months of our first meeting, IE 7 launched with support for EV-SSL," Abdulhayoglu said.
Abdulhayoglu said that in the first two or three years of its existence, most people did not know what EV-SSL was all about. With an EV-SSL certificate, the issuing authority must perform an extended validation check to verify ownership and authenticity of the organization and site that is requesting the certificate. EV-SSL also displays differently in the browser than a regular SSL site. Instead of just a padlock to indicate SSL is present, there is typically also a green bar to indicate EV-SSL.
"It's all about consumer confidence," Abdulhayoglu said. "People that need to be able to establish trust with someone, they need EV-SSL."
In a video interview, he discusses why EV-SSL is now needed more than ever for many different use cases. Watch the full interview with Melih Abdulhayoglu below:
Sean Michael Kerner is a senior editor at eSecurityPlanet and InternetNews.com. Follow him on Twitter @TechJournalist.
By Jeff Goldman
April 08, 2014
The vulnerability 'allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software.'