Tim Flight

Opera today released a new version of their web browser. Although their browser represents about 1% of market share they are hoping to lure more customers though increased security, notably though anti-phishing technology.

While phishing is a very real threat in today’s Internet world, I disagree with their approach to combat it. What the Opera browser does is display the owner of the SSL (https: security) certificate. The idea is that if the certificate owner matches the website you are on then you are likely to be safe. Good theory, but here is where it breaks down.

Many companies use their website hosting company’s “shared certificate” rather thank forking over the huge expense of getting their own certificate. In this case the certificate will appear in the website hosting company’s name rather than the name of the current site you are on. In Opera’s mind, this would be a security risk when in fact it isn’t. This will hurt many small businesses who use shared certificates.

Other companies (even large ones) run their business as a DBA. The storefront might be “Big Department Store” but since they are owned by another company that other company purchased the certificate. The website is perfectly legit, however Opera will report this is cause for concern. There are plenty of reasons why the website and certificate holder are in two different names.

This entry was posted on Tuesday, April 19th, 2005 at 3:26 pm and is filed under Computer Technology. You can subscribe via RSS 2.0 feed to this post's comments. Both comments and pings are currently closed.