I always look forward to new releases from Comodo, and was intrigued by the release of the Comodo Dragon browser, so I installed it. After using it I was very disappointed by the way it handled standard SSL certificates. I am a part owner of several ecommerce websites, and noticed that when I attempted to view our sites or sites that use standard - but none the less secure ssl certificates Comodo Dragon displays a full page warning telling the user that the site is potentially unsafe, and that it is not recommended to continue. The user then needs to click a button to say they wish to continue to this potentially “unsafe” website. I found I needed to click the I accept button twice just to continue. Once the user chooses to continue…the address bar shows a crossed out https: in red. Which implies that the website doesn’t even use an SSL certificate, even though it does in fact use one. We happen to use the GeoTrust Quick SSL Certificates. The only difference with this type of certificate is the process in which the certificate is issued does not verify the details of the business. The certificate is indeed secure…so I am really curious why Comodo would feel the need to do this? The site is secure, yet you are trying to tell users that it is not.
I do see the advantage of letting users know if the business itself has been verified via the certificate but don’t feel that it is justified to display such a warning telling people that it is not recommended to continue to the site…and I also question these tactics used by Comodo, especially considering the fact that Comodo just so happens to sell these more expensive types of SSL certificates. Personally I can’t help but feel that these are dirty tactics used by a company who wishes to sell more of these more expensive SSL certificates, and I am almost surprised that the warning page does not display an ad from Comodo stating something along the lines of “Are you the website owner? Want to remove this annoying message…then Click here to purchase our SSL certificate to remove this warning.”
The Comodo Dragon browser also fails to take into consideration that there are other 3rd party verification programs that exist that also verify the identity of the business. We personally use Trust Guard for this purpose. And the verification process is more thorough then the methods used to verify a business with these business verified SSL certificates. The other issues I have with this process is the fact that the user can’t even white list the domain if they know the site is safe. I personally think in the future as this browser becomes more popular, that many websites owners will simply detect the Comodo Dragon browser on the webpage and warn users that this browser is not accepted on this website. I know that I am considering doing this. I really hope that Comodo can fix these issues because I don’t think it is fair to website owners who are in fact legitimate businesses who just happen to use the non business verified SSL certificates.