Internet Passes 600,000 SSL Sites

Netcraft's SSL Survey has found more than 600,000 SSL sites on the Internet for the first time this month. SSL sites are used by ecommerce sites, online banking and financial services, and other secure online service providers.

Netcraft's survey of SSL sites has now been running for over ten years. The first survey, in November 1996, found just 3,283 sites; since then, the number of SSL sites has had an average compound growth of 65% per annum.

Number of secure sites 1997-2007

ssl-totals2.png

The survey is a good guide to the growth of online trading and services. The survey counts sites by collecting SSL certificates; each distinct, valid SSL certificate is counted in the results. Each SSL certificate typically represents one company's details, and each certificate must be approved by a certificate authority, so the data is typically more consistent and less volatile than other attributes of the Internet's infrastructure.

This year is seeing many new developments in the use of SSL. Most significantly, Microsoft's launch of Extended Validation (EV) certificates in Internet Explorer at the start of the year is the first major change in the way SSL is presented to the user. Instead of the padlock icon to show a secure site, EV certificated sites are shown by a green background in the URL box in Internet Explorer in Vista (a feature also available to XP users if they update and configure their browser appropriately); this is intended to provide banks and retailers with a clearer way of showing users that they are on the genuine website.

Adoption of EV certificates has been slow, however: there were around 700 EV certificates in public use last month, passing 0.1% of the survey for the first time. There are many possible causes for this slow adoption, not least the lack of a final standard for EV certificates (well-publicised difficulties surrounding how to allow unincorporated traders to obtain EV certificates being one unresolved issue). Companies are probably waiting for others to go first, since the early adopters are sure to find many users confused by the new interface — it will be some time before the green status bar is as well-known by users as the existing padlock symbol. This is further complicated by speculation that the Mozilla project (makers of Firefox) may not to use green status bar, instead choosing a different presentation.