Opera has released version 8 of its browser. It comes with an interesting innovation in security UI – it displays the “O” or “Organisation” field of the certificate in the URL bar (screenshot), ostensibly to help the user in making security decisions about a site.
One concern about this is that O fields are non-unique – you can have many companies all with the same name, in different areas of a country. A recent paper demonstrates this problem well – the authors managed to legally and properly obtain certificates for a random domain from multiple CAs, with O fields which happened to be confusingly similar to those of some major US banks. Phishers could take advantage of this loophole. Additionally, in some types of certificate the field is useless, containing a repeat of the domain name or a liability disclaimer statement.
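To make the two weaknesses above concrete, here is an added example (not code from Opera or from the paper mentioned) that classifies the O field of each certificate subject in a small set. The subjects are constructed samples, and the function names, verdict labels and the normalisation rule are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample subjects (not real certificates). Keys are X.509 short
# names: CN = common name, O = organisation, L = locality, ST = state, C = country.
SAMPLE_SUBJECTS = [
    {"CN": "www.firstbank.example", "O": "First Bank, Inc.", "L": "Springfield", "ST": "IL", "C": "US"},
    {"CN": "login.unrelated.example", "O": "First Bank Inc", "L": "Springfield", "ST": "OR", "C": "US"},
    {"CN": "shop.example", "O": "shop.example", "C": "US"},
    {"CN": "blog.example", "C": "US"},
    {"CN": "www.widgets.example", "O": "Widgets Ltd", "L": "Leeds", "C": "GB"},
]


def normalise(name):
    """Fold case and drop punctuation and spaces so near-identical names compare equal."""
    return re.sub(r"[^a-z0-9]", "", name.casefold())


def classify_o_fields(subjects):
    """Map each CN to 'missing', 'repeats-domain', 'ambiguous' or 'distinct'."""
    # Collect every (L, ST, C) location seen for each normalised organisation name.
    locations = defaultdict(set)
    for s in subjects:
        if s.get("O"):
            locations[normalise(s["O"])].add((s.get("L"), s.get("ST"), s.get("C")))

    verdicts = {}
    for s in subjects:
        org, cn = s.get("O"), s["CN"]
        bare = cn[4:] if cn.startswith("www.") else cn
        if not org:
            verdicts[cn] = "missing"
        elif normalise(org) in (normalise(cn), normalise(bare)):
            # The O field only repeats the domain, so it adds nothing to the URL.
            verdicts[cn] = "repeats-domain"
        elif len(locations[normalise(org)]) > 1:
            # Same displayed name registered in more than one place: the name
            # alone cannot tell the user which organisation they are talking to.
            verdicts[cn] = "ambiguous"
        else:
            verdicts[cn] = "distinct"
    return verdicts


if __name__ == "__main__":
    for cn, verdict in classify_o_fields(SAMPLE_SUBJECTS).items():
        print(f"{cn}: {verdict}")
```

A "distinct" verdict only means no collision was seen in the set examined; it says nothing about certificates outside that set.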