BIP70 implementation guidance



Summary:

The article discusses the importance of showing a business name instead of just the domain name for better identification and security. Domain names are more phishable than EV names, which makes it harder to distinguish legitimate websites from fake ones. Hackers can also get a domain name SSL cert issued without being easily detected. Extended validation (EV) certs are much harder for hackers to obtain because they involve more checks. EV certs have the domain name in the CN field and the business name in the OU field. However, there is no code to check that a certificate was subject to extended validation before displaying its contents. The article suggests that for EV certs the organization data, if available, be shown instead of the domain name. Nonetheless, the rules around EV certs are iniquitous, and some businesses are excluded, such as sole traders in the UK. Despite this, supporting EV certs is better than doing nothing.
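The missing check described above, sketched as an added example (not code from the thread or from any wallet): it reads the policy OIDs from a certificatePolicies extension value and returns the business name only when the CA/Browser Forum EV policy OID 2.23.140.1.1 is present. The function names, the `chain_valid` flag standing in for the wallet's existing path validation, and the sample bytes are assumptions constructed for illustration.

```python
CABF_EV_OID = "2.23.140.1.1"  # CA/Browser Forum EV policy identifier
EV_EXT = bytes.fromhex("30093007060567810c0101")    # constructed sample
DV_EXT = bytes.fromhex("300a3008060667810c010201")  # constructed sample

def _tlv(buf, pos):
    """Read one DER TLV at pos; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length: low bits give the byte count
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def _oid(value):
    """Decode OBJECT IDENTIFIER contents into dotted-decimal form."""
    arcs, acc = [], 0
    for b in value:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear ends this arc
            arcs.append(acc)
            acc = 0
    if not arcs:
        raise ValueError("empty OID")
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def policy_oids(ext_value):
    """Policy OIDs listed in a certificatePolicies extension value."""
    tag, seq, _ = _tlv(ext_value, 0)
    if tag != 0x30:
        raise ValueError("certificatePolicies must be a SEQUENCE")
    oids, pos = [], 0
    while pos < len(seq):
        tag, info, pos = _tlv(seq, pos)    # one PolicyInformation
        id_tag, id_val, _ = _tlv(info, 0)  # policyIdentifier comes first
        if tag != 0x30 or id_tag != 0x06:
            raise ValueError("malformed PolicyInformation")
        oids.append(_oid(id_val))
    return oids

def display_name(domain, business_name, ext_value, chain_valid):
    """Name to show the payer; None means show nothing as verified."""
    if not chain_valid:  # assumption: path validation is done by the caller
        return None
    is_ev = ext_value is not None and CABF_EV_OID in policy_oids(ext_value)
    return business_name if is_ev and business_name else domain
```

Matching the generic OID alone trusts every accepted root to assert EV; browsers additionally restrict which roots may do so.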


Updated on: 2023-06-08T22:14:26.338224+00:00