"The current version of the EV guidelines ... probably covers most if not all of the phishing targets today," Diorinos said. "We felt we have a good technology and should get the technology out to consumers as soon as possible."

Diorinos added that smaller merchants not covered still could get EV certificates through a third-party payment processor that is verified.

Microsoft will recognize certificates only from authorities that are independently audited, details for which are spelled out in the 65-page draft guidelines.

Story continues below ↓

advertisement | your ad here

Mozilla's Firefox and Opera Software ASA's Opera browsers also will eventually recognize EV certificates, though their makers committed to no timetable. Until then, an EV certificate would trigger a closed padlock like regular certificates, nothing more.

Window Snyder, Mozilla's chief security officer, said developers were trying to figure out the best way to highlight an EV-certified site — whether it's through a green bar or another means.

Unlike previous attempts by Microsoft to move forward with technologies before standards were ready, few criticized the Redmond, Wash., software company's moves, noting that the technical portions of the standards have largely been agreed upon. What's left deals mostly with procedures — how to validate smaller merchants.

Comodo believes it could be done within two months; VeriSign worries it could take longer and is reluctant to wait.

"It's unfortunate that it's not extended as far as it is right up front, but given the fact that identity theft is a very real thing, consumers need better tools in order to have confidence," said Greg Hughes, chief security executive with Corillian Corp., a provider of online banking technology. "This is the right thing to do and now is the right time to do it."

< Prev | 1 | 2 | 3