nCircle.com >> 360 Security

Extended Validation SSL Certificates

Tim Callan has written an article over at NetworkWorld explaining the value of the recently released Extended Validation SSL Certificate standard. This effort, a product of the CA/Browser Forum, is a definite step in the right direction. Living on the technical side of Information Security, I clearly understand the requirements for cryptographic assurance of identity in online transactions. This effort recognizes, quite rightly, the additional requirement of usability in the consumer space. It makes no difference how solid the certificate process is if the user happily clicks through invalid certificates. So perhaps the more important aspect of the EV SSL project is not the Certificate Authority side of it, but the browser functionality. With IE 7, users get more than the little lock in the bottom right corner: they get the green address bar, and they get the organization's name, validated by the EV CA process, in the address bar as well. This move, to make the status of the certificate and the organization's name more obvious to the user, is a simple design concept that could reap big benefits in terms of user awareness.

Of course, nothing is perfect. I can't help wondering how hard it would be to force IE to display every address as green, and how many users aren't on IE7 in the first place. I also can't help wondering how many warning signs users will ignore when they really want to purchase that rare member of the 'original 9.'

About

This page contains a single entry from the blog posted on January 5, 2007 6:35 AM.
