A new SSL website survey conducted by Netcraft found 38,966 EV SSL certificates as of April. EV SSL provides a more stringent validation process for website certificates, but is generally more expensive. Among the 1,000 highest-traffic websites in the world, 81 used HTTP-S and had a valid SSL certificate, according to Netcraft, and one-third of these certificates use EV SSL.
"The real question is how many sites need EV certificates. In my opinion, every non-trivial site needs proper SSL, but why would a low-risk site go through all the trouble of getting an EV one?" says Ivan Ristic, director of engineering at Qualys.
According to Netcraft, the EV SSL vetting process can't always be automated like the regular SSL cert process. "For example, the current guidelines may in some circumstances require the certificate authority to arrange a site visit in order to verify an applicant's business address. Such checks ultimately ensure that EV certificates are only issued to legally established businesses or organisations," according to Netcraft's report.
EV certificates are more common prevalent in high-traffic or financial websites that require more assurance for visitors, according to the report. "For example, losses to phishing fraud can be reduced by educating online banking customers to look for the green indicator in the browser's address bar. Because this can only be activated by an EV certificate, a fraudster would be unable to replicate this behaviour on an HTTP website or by using a more easily obtainable type of certificate," the report says.
Qualys' Ristic says EV SSL adoption will rise when the cost do so declines. "We are moving to a world where anyone can have basic security for little money or free, and those who need more will use EV--and the adoption is likely to increase as the costs continue to go down," he says.
Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.