Upcoming Events

Cloud Connect
Santa Clara
Feb 13-16, 2012

Cloud Connect brings together the entire cloud eco-system to better understand the transformation we're experiencing and promises to be the defining event of the cloud computing industry. Learn about the latest cloud technologies and platforms from thought leaders in Cloud Connect’s comprehensive conference.

Register Now!

More Events »

Subscribe to Newsletter

  • Keep up with all of the latest news and analysis on the fast-moving IT industry with Network Computing newsletters.
Sign Up

Email Email  Print  Share


Browser Certs Can't Force Adherence

Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Channel: Other, Networking & Mgmt, Servers & Storage, Data Protection, Wireless

   



Extended Validation certificates, developed by the CA/Browser Forum, are supposed to ensure that an SSL-enabled Web site is a legal entity and communicate that fact to users and, in doing so, help protect them from phishing and fraud.

The CA/Browser Forum is a vendor consortium made up of public CAs, such as Comodo, GoDaddy, RSA and VeriSign, as well as Web browser developers like the KDE Project, Microsoft, the Mozilla Foundation and Opera Software.



The use of digital certificates for SSL in browsers is fundamentally flawed, leading to easy confidence games like phishing and fraud. EV certificates are issued to Web sites after the company has been identified as a legal entity using a set of standardized procedures followed by all participating certificate authorities. Unfortunately, EV certificates don't significantly mitigate the problems with digital CAs and don't address the problem of authoritatively identifying a Web site as legitimate. But if EV certificates gather credibility with users, your organization may be forced into applying for one.

Consumers and enterprises alike are rightly concerned with privacy and security when conducting business on the Internet. Without the familiar setup of the brick-and-mortar world, it's difficult for users to judge the validity of Web sites with which they do business.

Extended Validation certificates, developed by the CA/Browser Forum, are intended to allay some of those concerns by certifying sites that are valid business entities.

The CA/Browser Forum's EV certificate guidelines standardize the scrutinization of certificate applicants and require EV CAs (certificate authorities) to pass a "WebTrust for CA" audit. And EV certification is making its way into the mainstream; the CA/Browser Forum's EV guidelines aren't final, but Microsoft's Internet Explorer 7 already supports EV certificates.


Page:  1 | 2 |3 |4 |5 |Next Page »

Related Reading


More data-protection Insights



Currently we allow the following HTML tags in comments:

Single tags

These tags can be used alone and don't need an ending tag.

<br> Defines a single line break

<hr> Defines a horizontal line

Matching tags

These require an ending tag - e.g. <i>italic text</i>

<a> Defines an anchor

<b> Defines bold text

<big> Defines big text

<blockquote> Defines a long quotation

<caption> Defines a table caption

<cite> Defines a citation

<code> Defines computer code text

<em> Defines emphasized text

<fieldset> Defines a border around elements in a form

<h1> This is heading 1

<h2> This is heading 2

<h3> This is heading 3

<h4> This is heading 4

<h5> This is heading 5

<h6> This is heading 6

<i> Defines italic text

<p> Defines a paragraph

<pre> Defines preformatted text

<q> Defines a short quotation

<samp> Defines sample computer code text

<small> Defines small text

<span> Defines a section in a document

<s> Defines strikethrough text

<strike> Defines strikethrough text

<strong> Defines strong text

<sub> Defines subscripted text

<sup> Defines superscripted text

<u> Defines underlined text

Network Computing encourages readers to engage in spirited, healthy debate, including taking us to task. However, Network Computing moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing/SPAM. Network Computing further reserves the right to disable the profile of any commenter participating in said activities.

 
Disqus Tips To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy.
 

Research and Reports

Hypervisor Derby
August 2011

Network Computing: August 2011

TechWeb Careers