What are Extended Validation Certificates?
Extended Validation certificates, also known as EV certificates, are X.509-conforming certificates that prove the legal existence of the owner and should be signed by the certificate authority that has issued the Extended Validation certificate.
The Green Bar for Extended Validation Certificates
When a website is secured with an Extended Validation SSL certificate, all the latest browsers turn the address bar green and display the organization’s name listed in the certificate as well as the issuing certificate authority.
The Death of Extended Validation Certificates
In recent times the Extended Validation certificate has been set to “die” under Chrome and Firefox. Recently Google made an announcement: “On HTTPS websites using EV certificates, Chrome currently displays an EV badge to the left of the URL bar. Starting in Version 77, Chrome will move this UI to page info, which is accessed by clicking the lock icon.”
Then Firefox went forward with their announcement: “In desktop Firefox 70, we intend to remove Extended Validation (EV) indicators from the identity block”.
Chrome is scheduled to ship on September 10, 2019, and Firefox 70 is set to ship on October 22, 2019. Given that both browsers update automatically, in about 8 weeks there won’t be any EV certificates and a high number of web users won’t be seeing them, though some may not have had knowledge of their existence.
Personally, I admit to being amused, knowing that all this is happening given that the ludicrous claims about EV's effectiveness really diminished once it was no longer available to the end user. There were also claims that Google is pushing the EV changes into spec. Despite the claims, the truth is that Google was not pushing anything into spec any more than Apple did a year back or Firefox did this year. All of them were simply adapting their UIs to better their services to their customers, and all of them arrived at the conclusion that they are removing the EV entity name.
I find the reason why they are doing this quite interesting. Chrome made an announcement: “Through your own research as well as survey of prior academic work, the Chrome security UX team has determined that the EV UI does not protect users as intended. Users do not appear to make choices when the UI is altered or removed, as would be necessary for EV UI to provide meaningful protection.” In my view that’s absolutely right – users definitely won’t change their behavior when they encounter a DV padlock rather than the EV entity name.
The same thing was also described in the announcement made by Mozilla: “The effectiveness of EV has been called into question numerous times over the last few years, there are serious doubts whether users notice the absence of positive indicators and proof of concepts have been pitting EV against domains for phishing.”
EV certificates are now really on the verge of death, now that all the claims have been debunked and the whole premise under which they were sold is about to vanish.
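With the organization name gone from the address bar, the validation level can still be read from the certificate itself. The following is an added example, not code from the original article: it classifies a certificate as EV, OV or DV from the text produced by `openssl x509 -noout -text`, assuming the certificate asserts the CA/Browser Forum reserved policy OIDs (older certificates may carry only a CA-specific OID). The sample inputs, the helper names and the CA-specific OID are constructed for illustration.

```python
import re

# CA/Browser Forum reserved certificate-policy OIDs.
CABF_POLICIES = {"2.23.140.1.1": "EV", "2.23.140.1.2.2": "OV", "2.23.140.1.2.1": "DV"}

# Constructed samples shaped like `openssl x509 -noout -text` output (not real certificates).
EV_SAMPLE = """\
        Issuer: C = US, O = Example CA, CN = Example EV Issuing CA
        Subject: businessCategory = Private Organization, jurisdictionC = US, serialNumber = 5551234, C = US, O = Example Corp, CN = www.example.com
        Subject Public Key Info:
            X509v3 Certificate Policies:
                Policy: 2.23.140.1.1
                Policy: 1.3.6.1.4.1.99999.1.1
"""
DV_SAMPLE = """\
        Issuer: C = US, O = Example CA, CN = Example DV Issuing CA
        Subject: CN = blog.example.com
            X509v3 Certificate Policies:
                Policy: 2.23.140.1.2.1
"""

def policy_oids(cert_text):
    """Return the policy OIDs listed under 'X509v3 Certificate Policies'."""
    return re.findall(r"^\s*Policy:\s*([0-9.]+)\s*$", cert_text, re.M)

def subject_field(cert_text, attr):
    """Return one attribute (e.g. 'O') from the Subject line, or None if absent."""
    line = re.search(r"^\s*Subject:(.*)$", cert_text, re.M)
    if not line:
        return None
    field = re.search(r"(?:^|,)\s*%s\s*=\s*([^,]+)" % re.escape(attr), line.group(1))
    return field.group(1).strip() if field else None

def validation_level(cert_text):
    """Return 'EV', 'OV', 'DV' (strongest asserted level) or 'unknown'."""
    asserted = {CABF_POLICIES[o] for o in policy_oids(cert_text) if o in CABF_POLICIES}
    return next((lvl for lvl in ("EV", "OV", "DV") if lvl in asserted), "unknown")

def describe(cert_text):
    """Return (level, organization); the organization is only vetted for EV and OV."""
    level = validation_level(cert_text)
    org = subject_field(cert_text, "O") if level in ("EV", "OV") else None
    return level, org

if __name__ == "__main__":
    for name, sample in (("EV sample", EV_SAMPLE), ("DV sample", DV_SAMPLE)):
        print(name, describe(sample))
```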