Red sky at morning, sailors take warning: Microsoft, VeriSign and the other members of the Certification Authority/Browser Forum have a new strategy to combat phishing scams. They are going to add a green bar to sites that have an extra layer of certificate-checking, above and beyond the traditional gold padlock that was developed by Netscape in the mid-'90s. The idea seems smart enough, but not everyone is falling over themselves to praise this new system:

... VeriSign and its competitors will be required to perform extensive checks to verify that the business is legally recognized by a government agency and that the address registered for the certificate is valid, such as by matching it with a government filing or visiting the business in person.

Certificate issuers also must make sure that the company owns the domain name and that the individual requesting the certificate is authorized.

[...]

Although [Texas businesswoman Claudia Race's] MadLeap.com was registered as a limited liability company in Delaware, it's so new that it might not appear in enough databases, making her business difficult to verify, according to officials at Comodo.

Smaller and newer companies could lose business if consumers leave for larger, established merchants with green bars.

"It is the small merchants who really need the ability to say, `I am trusted. Come and do business with me,'" said Melih Abdulhayoglu, chief executive of Comodo. "The big guys who have the brands already have established trust because of brand awareness."

Link