
CertSimple | Why ‘site seals’ are even worse than you thought

Ultimately benefit the vendor more than their customers

By Mike on 28th Jan 2016

Site seals promote bad user behavior, have questionable impact on conversions, and make your site boost your CA’s SEO.

Read on for more.

Why site seals exist

Certificate Authorities (CAs) have a problem: they want to show consumers their branding but can’t. The only area of a browser users can actually trust – the address bar – doesn’t show the CA’s branding. A lock is shown, and extended validation certs show the company ID, but unless the user really likes HTTPS and starts to explore the certificate, that’s all. Validation level aside, a Symantec certificate looks like a Comodo certificate looks like a GoDaddy certificate. For CAs, that’s a problem.

So traditional CAs created something called a ‘site seal’, ‘trust seal’, ‘secured seal’, ‘trust logo’, or ‘trust symbol’. These are all the same thing: an image showing the CA’s brand, and some JavaScript that sets up a click handler to open a report on the CA’s website (we’ll explain why the JavaScript exists later).

Heads up: we sell certificates, and occasionally get explicit requests from customers for site seals, which we’ll happily fulfill. But we don’t use site seals, and our management tools don’t encourage site seals or mention them at all. Here’s why.

Promoting misplaced trust

The report that appears when you click on a site seal mentions SSL, and may also cover additional services like malware scans, site scans, or insurance policies for misissued certificates.

The report is presented from a secured site – again, the only part of a browser you can trust is the address bar – and the report’s contents are often useful. However, the seal image itself has no security value – site seals are easily copied just like any other image on the internet, and anyone wanting to do something bad wouldn’t hesitate to do so. Which is the crux of the issue:

The trust seal UI never encourages users to read the report: merely to trust the presence of the image.

Source: CertSimple | Why ‘site seals’ are even worse than you thought
