Yellow padlock is losing its trusted status :(

SSL losing its trust

This is a new video i have prepared to educate people about SSL and the issues with it.


Indeed it is, mostly to us users that know how easy it is to get one. To normal every day users it’s a False Sense of Security and commonly used for fraud. To some people they don’t need to see a Yellow Padlock on the browser, one on the webpage is enough, but fake.

I have to wonder how many ‘normal’ users know what the padlock means, assuming they even see it!

The underlying PKI, for now, is sound, but we need something much more obvious and enlightening about any ‘secure’ connection we make, especially if it involves the transmission of confidential data.

Lol, I didn’t even know that the yellow padlock was there for that reason . Well, at least I know it now 88)


Xan, step into my office, we need to have a conversation ;p

That video was nice and clear; easy to understand. But if anyone missed it:

SSL (the Padlock) means that the Connection (from ‘you’ to ‘the site’ you are on) is Encrypted; but that’s all it means.

It does NOT mean that the Site Owners are ‘Legitimate’ or ‘Trust Worthy’.

IMHO in some cases even fairly limited guarantees may be enough, though this may be arguable.

Indeed despite providing different trust levels DV and OV certs are equally represented with the same padlock.

eg: some blog,forum and alike services that require user to provide not much than an email use ssl certs : cert is an OV (Organization validation) one but CommunityHelpWiki - Community Help Wiki, and are DV (Domain Validation) certs.

Whenever the padlock could lead to implicitly assume more guarantees than those actually implied is no negligible concern, I’m among the lines of those who are not totally against DV certs although I agree that in some scenarios DV certs are not reliable enough.

eg: provide a shopping cart but use a DV cert whereas it is not possible to confirm its owner through whois (contact address use a 3rd party privacy service)

Indeed is an Amazon subsidiary

But there is no direct way to confirm the organization like there would be for EV or OV certs.

Sure where do we meet ?


Dangerous Validation! Ha…very Newsful, Melih. Thnx.

Kind regards,

Indeed there are some uses of DV, although fairly limited.

DVs are being used in ecommerce to “establish trust” today. This is wrong, VERY wrong. DV should NOT be used for establishing trust, because there is no trust component in a DV certificate.


Just a question Melih, Why dont the forums have a green bar insted of just the Yellow Padlock.

because we havent’ put an EV cert there…
i guess we should…


That would be better, yes :slight_smile:


Wow. Now I know what those yellow padlock is for… I didn’t even know what it means, before I just thought that it’s some sort of a secure connection between me (my browser) and the site I’m trying to enter.

New knowledge installed. ;D

Thanks Melih.

Greetings all,

Since this thread is about Yellow Padlock I’m posting here, but please move it if you find that another place is more appropriate.

It is just I never saw this combination before at Comodo forum site
where “Certified & Authentic” is actually “unauthenticated” and “does not provide ownership”

…which means … ???


That means that there is a link to a outside source of data. (a example would be my signature, it will trigger that Alarm/result).

Thanks for quick reply, OmeletGuy.

I see :-TU

… and… indeed! your signature must trigger the Alarm! ;D


thanks for noticing…

now you can see our forum and trust what you see with Comodo Forums are now EV protected! :slight_smile:


It’s much better than the insignificant padlock, but to be honest I get green, blue and other colours in the address bar I still think something better is needed than colour coding. The only reason I now it’s a safe site is because I have code is my userChrome.css to show me.

What is the blue padlock for? What type of validation? I don’t remember having seen it before.