Tired of managing certificates? Automate it with ZeroSSL   Learn about ZeroSSL Automation x

Firefox 3 Released with EV Support

Unless you've been living under a proverbial rock, you know that Firefox 3 was released today. In addition to an advanced bookmark manager, a new skin, faster script execution, and a new address bar, the new security features of Firefox 3 make it an essential upgrade. If you haven't downloaded it yet, you still have a chance to download it and set a world record for most software downloaded in a day. So... download Firefox 3 now.

One of the biggest security updates is recognition of EV SSL certificates. Firefox 3 users will now see a green bar to the right of the address bar when using a site that is secured by an EV SSL Certificate.


Firefox is the second most used web browser after Internet Explorer and Firefox 3's adoption of EV Certificate support will make EV Certificates much more valuable. For more information about Firefox 3's Site Identification button, read our introduction to it.

Compare EV Certificates

Originally posted on Tue Jun 17, 2008



EV Certificates aren't a real security solution, at least not to the majority of users doing the majority of activities on the internet, e-commerce might make up a large amount of some percentage but it certainly isn't the majority.

In any case EV certificates just re-enforces the whole pop-up tax, which means where people could be using self signed certificates or even forgoing certificates and just using DH to secure their connections so passwords entered into websites couldn't be sniffed isn't happening.

The end result is we have yet more snake oil and no solution to the wider internet, all we have is a higher barrier to entry and last time I checked phishing attacks and so on didn't usually need SSL to be effective, at the end of the day this does nothing for real user security to protect them from scams, it's all just smoke and mirrors and snake oil.


Ev certificates is just a way to give Verisign and co a leg up, because we really really will do what we were claiming to do the first time round, even though we really weren't.

EV certs are nothing but a scam to milk more money out of a very small market place and as you said now that browsers support them they will become more valuable, never mind that Firefox sold it's user base out of real security options so Verisign and others could line their pockets.


Here is a list of the organizations that created the EV standard:

Certification Authorities
• A-Trust GmbH
• Certum
• Comodo CA Ltd
• DigiCert, Inc.
• DigiNotar
• Echoworx Corporation
• Entrust, Inc.
• GeoTrust Inc.
• Getronics PinkRoccade
• GlobalSign
• GoDaddy.com, Inc.
• IdenTrust, Inc.
• ipsCA, IPS Certification Authority s.l.
• Izenpe S.A.
• Network Solutions, LLC
• QuoVadis Ltd.
• RSA Security, Inc.
• SECOM Trust Systems CO., Ltd
• Skaitmeninio sertifikavimo centras
• SwissSign
• TC TrustCenter GmbH
• TDC Certification Authority
• Thawte, Inc.
• Trustis Limited
• Trustwave
• VeriSign, Inc.
• Verizon
• Wells Fargo Bank, N.A.
Internet Browser Software Suppliers
• Microsoft Corporation
• Opera Software ASA
• The Mozilla Foundation

Mozilla isn't worried about giving VeriSign more money. They are actually worried about the security of their users and that is why they implemented support for EV certificates. Should normal certificates already have been like EV certificates? Yes. But there was no standard. Now there is. EV certificates are definitely a good step forward for security.

Advertisement • Hide