Tuesday, December 19, 2006

"Software to Spot 'Phishers' Irks Small Concerns"

An article in today's Wall Street Journal describes some of the fallout from a feature in Microsoft Internet Explorer 7: IE7 uses extended verification SSL (EV SSL) to classify sites using SSL. According to the article, IE7 displays a green address bar for secure sites verified as "legitimate"; yellow for "suspicious" sites; and red for known phishing sites. (An illustration is available here.) IE7 displays a standard white address bar for sites for which Microsoft has no information.

A problem, according to the article, is that Microsoft, and the EV SSL standard, exclude certain kinds of businesses:
[S]ole proprietorships, general partnerships and individuals won't be eligible for the new, stricter security certificates that Microsoft requires to display the color. There are about 20.6 million sole proprietorships and general partnerships in the U.S., according to 2003 and 2004 tax data from the Internal Revenue Service, though it isn't clear how many are engaged in e-commerce.
These kinds of businesses will have the regular white address bar when users visit those sites. It's unclear whether this will hurt businesses that fall within these categories. (The article also points out that it's unclear how consumers will interpret and use the signals conveyed by the colored address bars.)

In any event, the article quotes Spiros Theodossiou, a senior product manager for SSL at VeriSign: "We will come forward with a draft that will include these organizations" that are currently excluded, i.e., sole proprietorships, general proprietorships, and individuals.