It is a concept that has been explored for millennium. In the bible, to suggest a significant life change, a person’s name was changed… Abram became Abraham and Sarai (Abraham’s wife) to Sarah. That concept still holds true today. Most parents understand intuitively the significance of choosing the name of their child and naming of new products requires careful deliberation about what it invokes.
So when I saw today Melih Abdulhayoglu CEO of Comodo tweet about DV SSL certificates, it reminded me of the concept only in reverse. Ever one for the clever turn of the phrase, Melih’s post suggested that the name of DV SSL certificates, which usually stands for “Domain Validated” connotes a level of trust that is inappropriate to what it actually delivers. His tweet today asked, “how can Certification authorities issue DV (Dangerous Validation) certificates to ecommerce and keep a straight face????”
Well said. In the ecommerce world, it is important for the buyer to know who they are interacting with. A DV SSL padlock only tells the potential buyer that the information he is transmitting, like his precious credit card information, is encrypted. But what good is encrypting the information if you don’t know who you are encrypting for. It is like giving the keys to your house to a total stranger!
So friends, buying online a great thing, but do it well and do it safely. Ideally, when buying online, buy at sites with an EV SSL certificate, these sites have a noticeable green color in the address bar. The “EV” stands for extended validation and this authenticates the business information behind the site. That is what you really want to know – that there is a real, verifiable businesses selling you the merchandise.
If the site does not have an EV SSL certificate and you see the yellow padlock, it can get dicey. Some sites have verified business information because they bought an OV SSL certificates – “organizational validated”. To find out if a site has an OV certificate, click on the padlock and you should be able to find the business name and address. But many sites have these DV SSL certificates and these are the ones to watch out. The only thing you know about this site is that someone was able to buy a domain for $10. It does nothing to tell convey trust. Remember that!
Now I realize that the average consumer does not care about the name of an SSL certificates because they probably don’t know what an SSL certificate is in the first place. But for those of us who do know, spread the word…DV SSL certificates are “dangerous validation” …
Let’s see if we can the change essence of DV to be the bad thing it really is. We have to start somewhere.