Posts Tagged ‘dv’

Understanding SSL

Tuesday, August 7th, 2012 | Bruce Morton

Just thought I would let you know about a podcast called Sophos Techknow – Understanding SSL. Hopefully there won’t be much new for the regular readers of this blog, but the information may be valuable for those new to the SSL industry. I did want to make note of a few things.

The podcasters discuss 650 CAs in the SSL industry. Although there may be 650 root certificates embedded in software, this does not mean that there are that many CAs. Most commercial CAs have more than one root. Entrust is currently embedding four roots, but also has three embedded roots that are obsolete.

You may have a browser that has all seven. There are some CAs that have more than one brand and have multiple roots for each. There are also CAs that use their roots for different purposes, such as SSL, EV SSL, code-signing and secure email. All increase the number of root certificates, but don’t increase the number of CAs. I haven’t done the counting, but the number of CAs (i.e., organizations that run CAs with embedded roots) is more likely to be closer to 150 than 650.

The podcast also discusses the different ways that certificates are verified. My interpretation is that they were talking about two ways, DV and EV. There are three ways that certificate requests are verified:

  • Domain Validated (DV) – verify that the applicant controls the domain
  • Organization Validated (OV) – verify that a specific entity controls the domain
  • Enhanced Validated (EV) – more specific entity verification as described by the CA/Browser Forum EV Guidelines

I state this because OV certificates have been issued since the beginning of SSL time. They are the No. 1 certificate type issued to identify the subscriber of the certificate. EV certificate popularity is up and coming, but OV still makes up 31 percent of the installed SSL base according to the Netcraft data I reviewed.
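The three validation types above differ in what the certificate actually asserts about its subject, and a relying party can read that off the certificate itself. The following is an added example, not code from the post or from Entrust: it classifies already-parsed certificate fields as DV, OV or EV using the CA/Browser Forum reserved policy OIDs, falls back to the subject contents when those OIDs are absent (older issuances), and flags subjects that contradict the asserted level. The `ParsedCert` structure and the sample certificates are constructed for the example.

```python
from dataclasses import dataclass, field

# CA/Browser Forum reserved certificatePolicies OIDs (real identifiers). Older
# EV certificates carry a CA-specific EV OID instead; add yours to EV_OIDS.
EV_OIDS = {"2.23.140.1.1"}
OV_OID = "2.23.140.1.2.2"
DV_OID = "2.23.140.1.2.1"

@dataclass
class ParsedCert:
    """Fields already extracted from a certificate (assumed parser output)."""
    subject: dict                # RDN attributes, e.g. {"CN": ..., "O": ...}
    policy_oids: list = field(default_factory=list)

def validation_type(cert):
    """Return ("DV"|"OV"|"EV", reason). Policy OIDs are authoritative when
    present; otherwise fall back to the subject (a DV cert has no O)."""
    oids = set(cert.policy_oids)
    if oids & EV_OIDS:
        return "EV", "EV policy OID present"
    if OV_OID in oids:
        return "OV", "OV policy OID present"
    if DV_OID in oids:
        return "DV", "DV policy OID present"
    if cert.subject.get("O"):
        return "OV", "no CA/B policy OID; subject has O (heuristic)"
    return "DV", "no CA/B policy OID; subject has no O (heuristic)"

def consistency_issues(cert):
    """Flag a subject that contradicts the asserted validation level."""
    kind, _ = validation_type(cert)
    has_org = bool(cert.subject.get("O"))
    if kind == "DV" and has_org:
        return ["DV policy but subject carries an O attribute"]
    if kind in ("OV", "EV") and not has_org:
        return [f"{kind} policy but subject has no O attribute"]
    return []

# Constructed sample certificates (not real issuances).
SAMPLES = {
    "dv": ParsedCert({"CN": "www.example.com"}, [DV_OID]),
    "ov": ParsedCert({"CN": "www.example.com", "O": "Example Corp"}, [OV_OID]),
    "ev": ParsedCert({"CN": "www.example.com", "O": "Example Corp", "C": "US"},
                     ["2.23.140.1.1", "1.3.6.1.4.1.0.0.0"]),  # second: placeholder CA OID
    "legacy_ov": ParsedCert({"CN": "www.example.com", "O": "Example Corp"}),
    "odd": ParsedCert({"CN": "www.example.com", "O": "Example Corp"}, [DV_OID]),
}
```

To run it over real certificates, populate `ParsedCert` from an X.509 parser such as the `cryptography` package; the classification logic itself needs no network access.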

Please enjoy the podcast.

All SSL and Digital Certificates Are the Same, Right? Wrong

Monday, May 21st, 2012 | Dave Rockvam

If all digital certificates are the same, why choose anything but the basic certificate? Because all certificates are not the same. Currently, there are three classes of digital certificates as recognized by the CA/Browser Forum: Domain Validated (DV), Organization Validated (OV) and Extended Validated (EV). There is a common misconception that the only difference in these certificate types is cost. In reality, there is much more.
Entrust provides OV and EV certificates and, to this day, has never sold Domain Validated (DV) certificates. Why has Entrust decided against selling DV certificates? Entrust feels strongly that these certificates do not provide a level of security and website authentication necessary to ensure trust.

DV certificates have repeatedly been proven inadequate in providing the level of security needed by the world’s leading government agencies, financial institutions and e-commerce websites. The requirements to obtain a DV certificate are not as rigorous as those for OV or EV certificates and, as a result, cannot provide the level of identity assurance needed in today’s cybersecurity landscape. The domain is the only identifying feature of a Domain Validated certificate; all the purchaser of this certificate must provide for the certificate being registered is proof of ownership of the domain. This is usually done in an automated fashion.
