Browser Interfaces and Extended Validation SSL Certificates: An Empirical Study

Date Added: Jul 2009
Format: PDF

There has been a loss of confidence in the security provided by SSL certificates and browser interfaces in the face of various attacks. As one response, basic SSL server certificates are being demoted to second-class status in conjunction with the introduction of Extended Validation (EV) SSL certificates. Unfortunately, EV SSL certificates may complicate the already difficult design challenge of effectively conveying certificate information to the average user. This study explores the interfaces related to SSL certificates in the most widely deployed browser (Internet Explorer 7), proposes an alternative set of interface dialogs, and compares their effectiveness through a user study involving 40 participants.