Understanding the Security Benefits of Extended Validation SSL Certificates
SSL certificates come in three types:
- Basic validation
- Business validation
- Extended Validation
The first one checks only that the domain name is registered to the user the certificate is issued to.
The second one also requires information about the company.
The last one checks the physical location of a company.
Do the 2nd and 3rd options make the connection more secure?
No. They don’t make the connection any more secure in terms of the encryption being hard to break. However, they do make it more secure in that it is less likely that an intruder was able to trick a CA into issuing a certificate in error.
The level of validation is entirely about earning the trust of your users. Personally, I just do basic validation, but that’s just validating to a name or a domain a lot of the time. Knowing that I’m actually talking to the server www.iamevil.com doesn’t really help instill confidence. Business validation allows you to have the certificate use the business name and proves that I’m talking to a real organization. Extended validation results in the green bar being presented on most browsers indicating that there is a high degree of trust in the identity of the party they are communicating with.
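The validation level is recorded in the certificate's identity fields, not in the cipher the connection negotiates. The following added example (not from the original page) classifies a certificate from its CA/Browser Forum policy OIDs and cross-checks the subject fields. It assumes the subject is in the shape returned by Python's `ssl.SSLSocket.getpeercert()` and that the policy OIDs were extracted separately; the function names and sample certificates are constructed.

```python
# Added example; sample certificates below are constructed, not real.
POLICY_LEVEL = {                    # CA/Browser Forum certificate policy OIDs
    "2.23.140.1.2.1": "basic",      # domain validated
    "2.23.140.1.2.2": "business",   # organization validated
    "2.23.140.1.1": "extended",     # extended validation
}
EV_FIELDS = {"organizationName", "businessCategory", "serialNumber",
             "jurisdictionCountryName"}

def subject_fields(cert):
    """Flatten getpeercert()'s nested subject tuples into one dict."""
    return {name: value for rdn in cert.get("subject", ()) for name, value in rdn}

def validation_level(cert, policy_oids):
    """Return (level, problems). policy_oids are the certificatePolicies OIDs,
    passed in separately (assumption: the caller extracted them)."""
    subject = set(subject_fields(cert))
    claimed = [POLICY_LEVEL[o] for o in policy_oids if o in POLICY_LEVEL]
    problems = []
    if len(set(claimed)) > 1:
        problems.append("conflicting validation policies: %s" % sorted(set(claimed)))
    if claimed:
        level = claimed[0]
    elif not EV_FIELDS - subject:   # no policy OID: infer from the subject
        level = "extended"
    else:
        level = "business" if "organizationName" in subject else "basic"
    # The subject must carry what the claimed level says was verified.
    missing = sorted(EV_FIELDS - subject)
    if level == "extended" and missing:
        problems.append("extended policy but subject lacks: " + ", ".join(missing))
    if level == "business" and "organizationName" not in subject:
        problems.append("business policy but no organizationName in subject")
    if level == "basic" and "organizationName" in subject:
        problems.append("organizationName present but only the domain was validated")
    return level, problems

DV_CERT = {"subject": ((("commonName", "www.example.test"),),)}
OV_CERT = {"subject": ((("organizationName", "Example Corp"),),
                       (("commonName", "www.example.test"),))}
EV_CERT = {"subject": ((("jurisdictionCountryName", "US"),),
                       (("businessCategory", "Private Organization"),),
                       (("serialNumber", "0000000"),),
                       (("organizationName", "Example Corp"),),
                       (("commonName", "www.example.test"),))}

if __name__ == "__main__":
    for cert, oids in ((DV_CERT, ["2.23.140.1.2.1"]), (OV_CERT, ["2.23.140.1.1"]),
                       (EV_CERT, ["2.23.140.1.1"])):
        print(validation_level(cert, oids))
```
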