The Extended Validation (EV) Secure Socket Layer Certificates are an industry-wide initiative of the CA/Browser forum, of whom Microsoft is an integer part. In this context, the EV SSL Certificates address not only the necessity for encryption, but they also deliver an online standard for identity.

Microsoft representatives have informed as early as October that they expect the EV SSL Certificates to be widely available by the end of January 2007, and will directly target online fraud. As part of its continuous battle against spam, Microsoft also announced that Internet Explorer 7 will be updated in order to assimilate and support EV SSL Certificates.

There are however some limitations inherent with the EV SSL Certificates. "Yesterday I read a story in the Wall St. Journal about how some small businesses, will receive a lump of coal this Christmas, as they are unable to get the new EV SSL Certificates. Just like regular SSL certificates, EV SSL certificates will only be used when sensitive information is transferred online, e.g. while entering credit card info or logging into an email account. So don't expect to see a green bar all the time - only when you are about to make a trust decision and enter sensitive information do you need to look for the green bar, to confirm the identity of the recipient of that information. Even on banking sites, only the online banking portion of the site will use the EV SSL," revealed Markellos Diorinos, a product manager with the Internet Explorer team.

On debut, EV SSL Certificates will not cover small businesses that are not incorporated. CA will confirm and validate the legal existence, identity and control of a corporate organization over an online domain but small businesses pose a different problem altogether. Diorinos informed that the EV SSL Certificates will be released in their present form, but that they will be improved and developed in time to include various registration practices, and the individual identity verifying process.

"Until a version of the guidelines that covers all businesses becomes available, those not covered can still use regular SSL certificates, or use EV SSL through one of the following options:
￭ They can partner with a 3rd party for transaction processing, such as PayPal
￭ They can use their web-hoster or some other 3rd party for hosting their secure pages
￭ They can use one of the available 'store-in-store' systems to host their presence (such as eBay or Yahoo stores)," added Diorinos.