Given the proposal to encrypt everything, I wonder if the architects are going with standard SSL or the extended validation SSL. Will we need to provide full business details and such just to get HTTPS on our websites, or will a simple credit card payment complete the process?