2011-12-20 submit to reddit

Industry Standards for SSL and TLS

Last week, the CA/Browser Forum, an international consortium of software firms and CAs (Certificate Authorities), released a set of industry standards for issuing SSL (Secure Sockets Layer) and TSL (Transport Layer Security) certificates. These two security protocols are a type of digital public key or identity certificate that in general verifies the owner as who they say they are; specifically, in the case of SSL and TLS, the protocols provide a secure channel between two devices operating on the Internet. Because of the open nature of the Internet, establishing such a channel is essential to e-commerce and other transactions requiring proof of identity.

Most people browsing and shopping on the internet are only aware of the SSL protocol when they look for the little padlock at the bottom of the browser window that indicates SSL is in effect for this web page. Many people, however, are not aware of the indicator of the use of Extended Validation SSL: a green bar with the site-name. In both cases, SSL acts transparently with no effort needed on the part of the user to ensure a secure Internet session for the user.

It is true that the secure certificate process has undergone some body blows this past year. Some high-profile security breaches at certificate authorities have resulted in the possibility of wrongly-issued certificates. For example, last fall, GlobalSign, a European certificate authority, had to stop issuing certificates when a breach in the company's security structure was discovered -- it was not until last week that the company reassured its customers by announcing that no "rogue certificates" had been issued because of that breach.

Given the vast array of software that uses these certificates and the millions upon millions of websites that depend on these certificates for economic survival, the development of a comprehensive workable set of technical requirements for digital certificates was a Herculean task. These new international standards, the first of their kind for these security protocols, define the requirements by which CAs issue and manage these publicly-trusted digital certificates. Developed over the last few years with input from over fifty Internet-related companies, including browser creators and developers, existing Internet standards groups and the world's CAs, these baseline standards are touted to improve the accountability and reliability of the issuance process for all SSL and TLS certificates.

These new standards, though only voluntary, are slated to become part of the production process for digital certificates on July 1, 2012, but enforcement will depend on the adoption of the standard by browser makers. However, the CAs already responsible for the issuance of 94% of all issued certificates have pledged to adoption of the guidelines, which include the definition of such best practices as verification of identity, establishing the content of the certificates, revocation procedures, audit requirements, key sizes, use of algorithms and confidentiality, privacy and liability issues.

The complete document, a 32-page PDF file, is available at the CA/Browser Forum website.

kimberly author

Kimberly Dovander


Kimberly is the pro blogger in the WHS family. WordPress, Blogger, Tumblr... It doesn't matter - she knows them all. Send her a question, or a drop a line in the comment section below, and she'll get back to you.

Add Your Thoughts

  • 2012-02-22

    Access to Website Taken Down by US Order

    One of the fears of those who opposed the passage of the SOPA/PIPA Internet anti-piracy legislation in the US Congress last month may have come true. Many in the web hosting industry are concerned over the growi...
    us secret service
    0Comment
  • 2012-02-16

    Lessons Learned from Hack Attacks

    The importance of keeping customers in the loop and making them feel an integral part of a web hosting provider's business was driven home by the recent hack attack on the Cryptome.org web site. Covering whistle...
    0Comment
  • providers giving advise
    2012-02-15

    Web Hosting Providers Acting As Advisors

    Yahoo has recently taken a step for interaction with the customer that all web hosting providers may want to think about emulating. Last week, the beta of Yahoo Small Business premiered to the public as a resour...
    0Comment
  • ipv6 launch
    2012-02-09

    World IPv6 Launch Day Coming Soon

    The Internet Society recently set a date, June 6, 2012, as World IPv6 Launch Day, when it is expected that web companies and major Internet Service Providers (ISPs) will permanently enable the IPv6 protocol for ...
    0Comment
  • 2012-02-07

    SOPA and PIPA Lobbying Payments

    Last month, the United States Congress stopped consideration of two bills, the Stop Online Privacy Act (SOPA) in the US Senate and the Protect Intellectual Property Act (PIPA) in the US House of Representatives,...
    0Comment
  • 2012-01-31

    Problems for DreamHost

    Other web host providers may take a lesson from the recent set of problems that have been the experience of DreamHost, a domain name registrar and web hosting provider founded in 1996 and based in Los Angeles, C...
    dreamhost problems
    0Comment
  • open index
    2012-01-31

    Will New Online Protection Bill Replace SOPA and PIPA?

    With the overwhelming reaction against the Stop Online Piracy Act (SOPA) and the PROTECT IP Act (PIPA), a few members of the United States Congress have put forth an alternative bill. Oregon Democrat Senator Ron...
    0Comment
  • 2012-01-30

    A Closer Look at Magento

    At its simplest, Magento is a robust e-commerce solution built on a foundation of open-source technologies. The blended approach that Magento uses provides the best of both worlds for end-users. On one hand, the...
    1Comment
  • new gtld signing
    2012-01-24

    Smooth Start for New gTLD Program

    ICANN, the Internet Corporation for Assigned Names and Numbers, announced last week that the application system for the new gTLDs (Generic Top-Level Domains) of the Internet began on January 19th and is proceedi...
    0Comment
  • 2012-01-19

    SOPA Stalls, But Online Experts Advise Caution

    Amid Internet site blackouts and public outcries, the Stop Online Piracy Act (SOPA) has been placed on hold in the Senate while sponsors regroup and reconsider their position on this controversial topic. Along w...
    0Comment

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28

Articles Archives

Buying Guide

Can't decide what hosting is right for you? Answer 2-5 questions and get your perfect hosting match!

To Questions

User Reviews

Make your voice heard. Review your web hosting provider - good or bad.

  •  
  •  
  •  
  •  
Everything has been very stabile and I was very impressed with all the features and extras that were included in the plan.

Bill about iPage

Read iPage Review

Leave Review Read Review

Ask the Editor

Editor

Ask us anything about hosting. We love to help.

David Walsh
editor in chief