Kent, UK, 19 April 2002. Certification authorities (CA) typically charge quite a high price (as much as $1000) for an SSL Certificate that enables a merchant to display the little gold padlock with a website link - indicating that you, the customer, have a secure, i.e. encrypted, link with him. The price is justified by the fact that before issuing this certificate, the CA will have to carry out extensive checks on the merchant, his company registration, credit rating and so on.
So, when an Internet user sees the little gold padlock in his browser, he knows it is safe to shop from that merchant, right?
Well, maybe not. According to Melih Abdulhayoglu, Chief Security Architect with COMODO, the picture is rather different from the user's perspective. "First of all, if you see a padlock in your browser, how do you know that it is an authentic one?" he asks.
"The answer is -- you don't," he explains. "It could simply be a graphic displayed by the website, and unless you know how to check, you will not know any different!"
So, if there is a padlock displayed, does this mean that the URL (web address) that we see in our browser bar is who we have a secure link with?
"NO!" says Abdulhayoglu. "All it means is that you have an encrypted link with the certificate holder. There is no verifiable or trustable link between the padlock and what you see in our URL bar! Unless of course you double click on the padlock to view the details of the certificate and then compare it with what is being shown on the URL. And let's face it, how many people are willing to go through the rigmarole of doing that (or even know that this is possible in the first place!) this is provided that they can trust the details displayed when clicking on the padlock and are getting the authentic information! As explained above this could be a fake padlock and fake detail could be displayed as a result of clicking on this fake padlock.
So what does that mean to the potential Internet Shopper?
The implication is that unless the customer has a simple way to check the authenticity of the SSL padlock and link, and verify that he really is connected with the company he intends, the investment the merchant has made in his SSL certificate is not reflected in confidence by the customer. After all what good is it to pay $1000 to get your Identity verified by the CA for your SSL yet this "Costly" exercise is not passed to benefit the end user? After all this is what other CA's say in their agreement about your identity: "You are responsible for deciding whether or not to rely on the information in a certificate". If there is no warranty or guarantee against fraud and the user is left to his own devices and made to investigate each and every certificate himself/herself then the user does not get any benefit from you paying $1000 to validate your identity!
Until now that is. COMODO recently launched TrustToolbar,
an Internet Explorer plug-in, FREE to end users that does exactly that.
COMODO has spent many man-years building the largest directory on the
web, with the details verified of over 5 million company names, 15 million
links and 10's of thousands of registered brand names.
Users of TrustToolbar are provided with "Web Identity Assurance" thanks to the "Identity Assurance Infrastructure" built and operated by Comodo. TrustToolbar gives assurance of the legitimate owner of the website and protects the user. It's about arming the user with the correct information so that the user can make informed decisions.
So what is the value of an SSL certificate? Because COMODO has already verified all the companies in its Trusted Directory, It is now offering SSL Certificate for only P.O.A. - even less for multiple years! Companies currently not listed in the Trusted Directory can enter their details FREE with TrustToolbar Merchant Suite Express (TMS Express), or pay a nominal amount to have their logo added for even greater corporate identity.
"That's what it's really all about!" says Abdulhayoglu. "Verification of the Identity and ability to pass this Identity Verification to the end user hence offering "Web Identity Assurance" is the solution to TRUST!"
COMODO sales director, Paul Tourret expects this to herald a change in the market for certificates. "We predict the market over time will move towards people buying Encryption Certificates (SSL Certificates) and Identity Certificates (TrustToolbar Based Certificates) separately," he says, "and that SSL prices as we know now will fall to sub US $25. A reflection of this trend is already seen with Comodo's current SSL prices at US P.O.A. ! Comodo will make sure it is leading the market in providing "Commodity Products at Commodity Prices!"
TrustToolbar also makes the Internet easier to use. Because
of all the information already indexed in the Trusted Directory, users
can navigate simply by typing in a company name - no need for users to
remember complex URL's - and no need for companies to re-register new
generations of dot endings!
The Comodo companies provide the infrastructure that is essential in enabling e-merchants, other Internet-connected companies, software companies, and individual consumers to interact and conduct business via the Internet safely and securely. The Comodo companies offer PKI SSL, Code Signing, Content Verification and Email Certificate; award winning PC Security software; Vulnerability Scanning services for PCI Compliance; secure e-mail and fax services.
Continual innovation, a core competence in PKI, and a commitment to reversing the growth of Internet-crime distinguish the Comodo companies as vital players in the Internet's ongoing development. Comodo secures and authenticates online transactions and communications for over 200,000 business customers and 3,000,000 users of our desktop security products.
For additional information on Comodo - Creating Trust Online® visit Comodo.com
For more information, reporters and analysts may contact:
Office: +1 (888) 266-6361