Changes are expected in the way extended validation (EV) certificates will be indicated in upcoming releases of major browsers, Google Chrome and Mozilla Firefox.Â In the upcoming releases, we can expect to see the EV certificate indicator moved from the URL or address bar to the Page Info.
By moving the EV certificate indicator to the Page Info, the website owner’s name will no longer appear in the web address bar. Users will be able to access certificate details by clicking on the locked padlock icon (next to the red arrow in the image). The domain owner’s name is outlined in red in the image shown.Â This change only impacts the way in which EV certificates are displayed in Google Chrome and Mozilla Firefox. The technical properties of the certificate remain unchanged. The display change affects all web pages that are secured by an EV certificate regardless of the activation date or issuing certification authority (CA).
WHY EV STILL MATTERS
- EV is used by major anti-phishing services to determine safe websites. Brands with EV will still be treated as more trustworthy by browser filters.
- Organizations that have EV are well positioned for forthcoming regulations in the EU that put identity at the forefront of digital security. Regulations for PSD2 compliance will require financial service providers to secure transactions and open banking APIs with a Qualified Website Certificate (QWAC), which is built upon the foundation of an EV certificate.Â
- Most browsers are still using EV indicators. Â Google and Mozilla will continue to use them as well. The changes will require user action to view the detail provided by EV certificates.
- Identity provides the foundation for security.
- Users should be able to easily determine who they are transacting with
- EV is still recognized and used as a best practice for identity verification
- Legitimate organizations still want their identity clearly visible to their users
Entrust Datacard product impacted:
- EV Multi-domain certificates
Expected release dates:
- Google Chrome version 77 — September 10, 2019
- Mozilla Firefox version 70 — October 20, 2019
Identity continues to serve as the foundation for digital security. Â EV certificates are still considered a best practice for securing website transactions and identifying an authentic website. It’s interesting that browsers are starting to obscure identity indicators at a time when the trend toward identity transparency is increasing. This trend is indicated in new technological standards such as: Revised Payment Services Directive (PSD2) and the Federal Office for Information Security in Germany (BSI), for example.
- Research report NO AUTHOR and Comodo, Incidence of Phishing Among DV, OV, and EV Websites
- White Paper by Sectigo, Understanding the Role of EV Certificates in Internet Abuse
- Research report by Google, The Web’s Identity Crisis: Understanding the Effectiveness of Website Identity Indicators
- News article, Decipher, Chrome and Firefox Removing EV Indicators
Â© Copyright 2019 Entrust Datacard Corporation. All rights reserved.
Entrust is a trademark or a registered trademark of Entrust, Inc. in the United States and certain countries. All Entrust and Entrust Datacard product names and logos are trademarks or registered trademarks of Entrust, Inc., Entrust Datacard Limited or Entrust Datacard Corporation. All other company and product names and logos are trademarks or registered trademarks of their respective owners in certain countries.
The information in this document is provided solely for informational purposes and is provided “as is” NO AUTHOR without any representations, conditions and/or warranties of any kind, whether express, implied, statutory, by usage of trade, or otherwise.Â Entrust Datacard specifically disclaims any and all representations, conditions, and/or warranties of merchantability, satisfactory quality, and/or fitness for a particular purpose. To the maximum extent permitted by applicable law, in no event will Entrust Datacard be liable for any damages, losses or costs arising from your or any third party actions or omissions in connection with this document. The only representations, conditions and/or warranties that may be applicable to any Entrust Datacard products that you may have are those contained in the agreement pursuant to which you obtained a license for those Entrust Datacard products.
The information in this document is subject to change as Entrust Datacard reserves the right to, without notice, make changes to its products as progress in engineering or manufacturing methods or circumstances may warrant.