Yet both Microsoft and Netscape (and other browser vendors) have a policy of only issuing SSL Certificates to validated entities, so consumers now expect such website identity assurances.
Market education through the consumer press and industry bodies has also added to people's perception of the SSL padlock as indicating a Secure and Authentic Site.
Step 2: Verify that the applicant is a legitimate and legally accountable entity.
The compromise of either step endangers the message of trust and legitimacy provided to the end consumer.
In order to avoid such warnings, the SSL Certificate must be issued by a "trusted certifying authority" - trusted third-party Certification Authorities that utilize their trusted position to make available "trusted" SSL Certificates. Browsers and Operating Systems come with a pre-installed list of trusted Certification Authorities, known as the Trusted Root CA store.
Technically, the SSL protocol provides an encrypted link between two parties; however, in the eyes of the consumer, seeing the SSL padlock in their browser means much more: as well as ensuring that their details remain secure during a transaction, consumers also care whether the website they are dealing with is legitimate.
In order to solve the critical issue of identity assurance as well as information security on the Internet, the efforts of SSL Providers (Certification Authorities), consumer magazines and industry bodies have rightly resulted in the SSL padlock becoming synonymous with trust and integrity - factors consumers associate with being legitimate.
So by relying solely on such records, potentially untrustworthy information is being trusted.
Bizarrely, GeoTrust even refer to this cut-down domain-control authentication process as being stronger than traditional two-step validation - which includes both the domain name ownership validation step and the added step of business legitimacy verification.