EV SSL Certificates, are they worth it?

In this post:

EV SSL - What is it? Why Extended Verification doesn't work Stanford U. and Microsoft conclude that it hurts security The criminals are getting better, and better The real problem is naive users, not security certificates

EV SSL - What is it?

Extended Validation or EV SSL Certificates are the newest, neatest iteration of encryption certificates that are intended to supply "enhanced security features".  Secure Sockets Layer (SSL) certificates have been in use for years, it is the internet equivalent of a Notary Public that enables websites to encrypt their traffic using HTTPS instead of the standard HTTP.  I covered the subject of SSL certificates in the entry I wrote in the Blackwell Encyclopedia of Management: Management Information Systems.

 

My friends over at SpiDynamics have written an excellent post on the subject, but in my opinion they are asking the wrong questions:

"With the explosion of phishing attacks and identify theft, a new form of SSL certificate is ready to hit the Internet. This new certificate is known as an Extended Validation (EV) SSL certificate and is designed "to provide users with a trustworthy confirmation of the identity of the entity that controls the website they are accessing". In addition to the confidentiality provided by traditional SSL certificates, EV SSL certificates also aim to instill trust in web users by validating the identity of the web site proprietor. Is this the silver bullet that we've been looking for or a wolf in sheep's clothing?"

I say EV SSL is a sheep in wolf's clothing.  It looks good, but does it help anything?