Website identity is very important for user security. Phishing and malware sites are now using encryption to hide among legitimate websites – and they are using anonymous, Domain Validated (DV) certificates to avoid being identified. For more information, click here. Our petition to the leading browsers asks them to recognize the importance of website identity for user security, to distinguish certificates that include confirmed website identity information (OV and EV certificates) from anonymous certificates (DV), to adopt common, universal browser UI security indicators showing identity, and to educate users in what the indicators mean. The text of Website Identity Principles is shown below.
PUBLIC ENDORSEMENT OF WEBSITE IDENTITY PRINCIPLES
We, the undersigned organizations, strongly support the display of website identity for user security, and we specifically endorse the following website identity principles:
- Website identity is important for user security.
- TLS certificate types that are used to secure websites – Extended Validation (EV), Organization Validated (OV), and Domain Validated (DV) certificates – should each receive a distinct, clearly-defined browser UI security indicator showing users when a website’s identity has been independently confirmed.
- Browsers should adopt a common set of browser UI security indicators for each certificate type, and should educate users on what the differences are to promote user security.