Sub-Prime PKI: Attacking Extended Validation SSL
Source: Black Hat
One of the attributes that the paper discusses is the type of SSL certificate presented by a web server when negotiating a secure connection. Modern web browsers support both Domain Validated (DV) and Extended Validation (EV) SSL certificates. EV SSL certificates were created to combat phishing and other web-based spoofing attacks that succeed in spite of the DV SSL model for web site identification. The EV SSL model improves upon the DV model in two ways. First, certificate authorities enforce a more thorough off-line validation process to identify more accurately the agent requesting the certificate as the owner of the domain that the certificate is for.