The CA/Browser Forum has released a set of guidelines for Extended Validation SSL (EV SSL), a new type of EV certificate which provides an additional layer of protection on top of the existing SSL format. EV SSL utilizes a very strict issuance process which helps ensure that certificate holders are actually who they claim to be. Certificates that are improperly issued or used are revoked in a swift and efficient manner, nipping malicious behavior in the bud.

Most of the major browser manufacturers are on board with this new technology, with some already providing support and others planning to in the near future. Markellos Diorinos, Security Product Manager for Internet Explorer, expressed Microsoft's enthusiasm over EV SSL. "With Extended Validation SSL Certificates, which allow Internet Explorer 7 to display verified identity information for websites, users are now able to make better trust decisions online." Window Snyder, Mozilla's Chief Security Officer, chimed in by stating that "EV SSL will make it easier for Firefox to tell users who is behind the website they're seeing, which is an important factor in making trust decisions." Also giving their approval were the folks at Opera Software, creators of the multi-platform Opera browser.

The steps now required prior to issuing a certificate include verifying the legal and operational existence of the entity as well as matching its identity with official records. Also required is proof that the entity in question has the exclusive right to use the domain contained in the certificate, and that they have properly authorized its issuance. Available for all types of businesses, these EV Certificates should help in making successful phishing attacks a thing of the past.