
since nobody realistically checks who issued a certificate before trusting a website with one, paying more for stricter verification nets you nothing.

The sad part is that the VeriSigns of this world put a lot of money into brainwashing the masses for the next addressbar-color. We have green bars, yellow bars, blue bars... Expect the pink-unicorn-bar any day now (IE9?).

So yes, currently the users are conditioned to look for the padlock only and you can get away with it in most cases. But I wouldn't be surprised if the browser-makers soon get strongarmed into displaying those "unworthy" certs in a less appealing way - crackled padlock, perhaps?

The net result will be more fancy address bar colors and even less understanding for the average user whether the site he's looking at is "secure" by any means or not.

This whole tragedy is one of the rare cases where I'd be glad to see legislation step in. Free market is just not working here, on so many levels.


