Apple should call PayPal's bluff

Summary:PayPal is in another stand-off with Apple over EV SSL (Extended Validation Secure Sockets Layer) certificates, but Steve Jobs & Co. may call the transaction service's bluff.

PayPal is in another stand-off with Apple over EV SSL (Extended Validation Secure Sockets Layer) certificates, but Steve Jobs & Co. may call the transaction service's bluff.

According to Ryan Naraine, PayPal is about to launch a whitepaper that advocates blocking transactions from browsers that don't have anti-phishing protection. This whitepaper is a thinly veiled attempt to get Apple to add EV SSL certificates to Safari.

PayPal's latest effort follows comments by CIO Michael Barrett in March.

Here's the whitepaper gist:

In a white paper that outlines a five-pronged action plan aimed at slowing the phishing epidemic, Barrett said there's a "significant set of [PayPal customers] who use very old and vulnerable browsers" and made it clear that any browser that falls into the "unsafe" category will be banned.

"At PayPal, we are in the process of reimplementing controls which will first warn our customers when logging in to PayPal of those browsers that we consider unsafe. Later, we plan on blocking customers from accessing the site from the most unsafe—usually the oldest—browsers," he declared.

Ryan also quotes Barrett:

"In our view, letting users view the PayPal site on one of these browsers is equal to a car manufacturer allowing drivers to buy one of their vehicles without seat belts."

So what are the motives here? PayPal--a huge phishing target--obviously wants more protection. It obviously wants EV SSLs, but Apple won't budge. The solution: Go public.

But is Apple really going to be pressured this way? Highly unlikely. PayPal seems to be hung-up on EV SSL certificates, but couldn't Apple meet anti-phishing requirements another way? Why wouldn't Apple just create lists of offending sites or warn users if a page is sketchy? Does Apple really have to buy into EV SSL?

Meanwhile, it's unclear whether PayPal would actually follow through on a Safari ban. PayPal isn't going to annoy Apple users. And it isn't going to turn off transactions on the iPhone either. In this stand-off I'd say the advantage is all Apple.

Topics: Security, Apple, Browser

About

Larry Dignan is Editor in Chief of ZDNet and SmartPlanet as well as Editorial Director of ZDNet's sister site TechRepublic. He was most recently Executive Editor of News and Blogs at ZDNet. Prior to that he was executive news editor at eWeek and news editor at Baseline. He also served as the East Coast news editor and finance editor at CN... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.