The History of the SSL Certificate

The Secure Sockets Layer (SSL) Protocol was adopted by Netscape in 1994 as a
response to the growing concern over nternet security! Netscape"s goal was to
create an encrypted data path between a client and a server that was plat#or$ or
%S agnostic! Netscape also e$braced SSL to take advantage o# new encryption
sche$es such as the recent adoption o# the &dvanced 'ncryption Standard (&'S)(
considered $ore secure than )ata 'ncryption Standard ()'S)! ndeed( by *une
+,,-( the .S /overn$ent dee$ed &'S secure enough to be used #or classi#ied
in#or$ation0
1The design and strength o# all key lengths o# the &'S algorith$ (i!e!( 1+2( 19+ and
+34) are su##icient to protect classi#ied in#or$ation up to the S'56'T level! The
i$ple$entation o# &'S in products intended to protect national security syste$s is
certi#ied by NS& 7!8 (Source0 9ikipedia( )e#inition &'S)
.pdates were released( so that today version -!, has grown in popularity and
beco$e a standard! :urther( SSL -!, is the version $ost 9eb servers support
today!
9hat kind o# trust do SSL certi#icates deliver;
Since its inception( the $ain role o# SSL is to provide security #or 9eb tra##ic
including con#identiality( $essage integrity( non<repudiation and authentication! SSL
achieves these ele$ents o# security through the use o# cryptography and properly
authenticated digital certi#icates!
SSL certi#icates( there#ore( are critical #or the user to trust a website operating #ro$
a server be#ore sending private in#or$ation to the server! =ut encryption is only one
part o# the 1trust e>uation8 that SSL delivers! SSL certi#icates issued under the
?!3,9 standard ought to deliver in#or$ation about the identity o# the entity since
certi#icates act as 1digital docu$ents8 that veri#y that a speci#ic public key does( in
#act( belong to the speci#ied entity! This identity veri#ication helps the user to
distinguish between authenticated and #raudulent websites!
Low &ssurance SSL 5erti#icates 5reate /ap in %nline Trust
5erti#ication authorities play a key role in establishing trust in online identities! Since
a digital certi#icate is a state$ent o# the identity o# the entity or individual who
wishes to be authenticated( a trusted third party is needed to validate the identity
attached to the certi#icate! This third party is the certi#icate authority whose
responsibility it is to deliver authenticated identity trust assurance #or online entities!
.n#ortunately( not all certi#ication authorities adhere to si$ilar standards in identity
assurance! n #act( so$e certi#ication authorities issue certi#icates without any
processes to authenticate and veri#y the identity o# the business re>uesting the
certi#icate! 9orse( these non<vetted certi#icates display the sa$e yellow padlock as
the identity assured SSL certi#icates! These 1weak8 validation certi#icates rely only
on the )o$ain Na$e 6egistrar details to validate ownership( which provides
virtually no identity assurance!
Let us look at the #ollowing e@a$ple! s www!&=5o$pany!co$ or www!&=5<
co$pany!co$ the real web page o# &=5 5o$pany( or does one o# the .6L"s
belong to a #raudster or i$postor; To deter$ine whether you are on the legiti$ate
site would re>uire #urther validation! # a website does not have identity
authentication( any #raudster can procure the trusted yellow icon to launch phishing
or phar$ing attacks #ro$ a #raudulent website because users cannot easily
distinguish between low assurance certi#icates and the identity<validating high
assurance certi#icates!
5onclusion
5o$puter SecurityThat"s why 'A SSL certi#icates were introduced to close this trust
gap!
9hen an 'A certi#icate secures a site( the Bicroso#t nternet '@plorer( %pera or
BoCilla :ire#o@ user will i$$ediately see the address bar turn green when they visit
the website! & display ne@t to the .6L will toggle between the organiCation na$e
and the certi#icate and the certi#icate authority that issued the SSL 5erti#icate! The
green bar $eans that a third party has authenticated the identity o# the business!
%ther browser vendors will also provide a si$ilar display
SSL is vital to 9eb security! t provides a strong sense o# con#identiality( $essage
integrity( and identity authentication to users! The business o# e<co$$erce is tied
closely to consu$er con#idence in the identity assurance aspect o# SSL certi#icates
across the net!
&s a result( in the #uture SSL certi#icates will evolve to o##er $ore security and
identity assurance! The encryption o# key lengths( cipher suites and new guidelines
#or SSL certi#icates will also evolve to ensure a consistent level o# identity
veri#ication during online transactions! This way( e<co$$erce will be able to
continue to grow as users grow $ore con#ident in shopping and banking online!
Source:
SSL!5o$odo!co$ D =logs!co$odo!co$