Archive for October 17th, 2007

SSL EV: Extended (or Excursive?) Validation

October 17th, 2007

While looking into some of the finer points of SSL EV, I landed at Microsoft. Clicking on the fourth search result shown in the adjacent picture (“Extended Validation SSL Sites”) prompted my up-to-date Firefox (and Safari and Opera) to initiate what is without question the single least understandable and therefore the most unforgivable computer/human dialog in the history of technology.

funny-ev.jpg

In essence my browser said: “I don’t have a clue about who owns this website, so let me enlighten you with an incomprehensible dissection of its X.509 certificate so you can judge for yourself.”

Ok, this isn’t an EV-specific issue. And sure, I get X.509, but Quintessential Person sure doesn’t. And though I’m not a Microsoft basher these days, they have no business using a certificate authority that only IE 7 knows about. All in all, this qualifies as Bad Security.


The Seven “Sees” of Security

October 17th, 2007

1. Great Security n., see good is as good as it gets

2. Good Security n., see rare and quiet about it

3. Passable Security n., see optimistic auditor

4. Weak Security n., see no, it isn’t a business driver

5. Newsworthy Security n., see damn, it is a business driver

6. No Security n., see unlikely despite what security team says

7. Bad Security n., see anything in the name of security that gives it a bad name
