25% of Enterprises using SSL cannot be verified
Consumers have the ability to easily verify your corporate identity from your SSL certificate.
New York – April 8th, 2005 — Comodo Inc., the world's second largest High Assurance Certification Authority, was acknowledged in the April 2005 Netcraft SSL survey to have grown at a rate of 3 times that of their nearest high assurance competitor over the past 6 months.
Netcraft's SSL survey highlighted that certificates used on 1 in 4 SSL sites are now "domain validated" rather than "organization validated", and that while 3 out of 4 sites do use an organization validated certificate, primarily from Comodo or VeriSign, over the last six months the number of domain validated certificates has grown at twice the rate of organization validated certificates.
The revised format survey follows the trend initiated by Opera Software in February 2005 to display critical information contained within the SSL certificate directly to consumers. Previously, Internet browsers had been unable to openly differentiate between high assurance, fully validated certificates and low assurance, domain-only validated certificates. Complex in-depth investigation by the consumer was required to make the distinction. The loophole, first identified by KPMG in August 2002, caused a multitude of low assurance providers to enter the market, cutting out critical validation steps and offering worthless certificates to thousands of companies, thereby placing consumers at risk. Now, with the ability to differentiate assurance levels with ease, consumers are shying away from conducting transactions with merchants whose identity cannot be verified. E-Commerce sites using low assurance certificates are losing business to those using high assurance certificates.
The SSL protocol was specifically devised to create a secure encrypted communication tunnel between client and server. Consumers without the ability to verify the identity of the server have no means to know where the secure tunnel actually terminates and therefore who owns the decryption keys for their 'secure' data. This in itself creates the possibility for man-in-the-middle attacks, identity theft and loss of critical personal information. Until recently, browsers correctly posted warning messages for server naming errors, expiry date issues or unrecognized public key usage; however, no clear information was presented on the entity owning the SSL certificate. Consumers took it on trust that Certification Authorities would protect them and their data by properly vetting the entity to which they issued a certificate (i.e. Certification Authorities "Certified" the entity). Quite simply, an SSL Certificate without an authenticated, validated entity is worthless. Confidentiality requires encryption. Encryption requires authentication – "What is the point of encryption if you don't know who you are encrypting for?"
Following the introduction of the "Anti-Phishing Act Of 2005" Senator Patrick Leahy commented, "If you can't trust where you are on the web, you are less likely to use it for commerce and communications".
Enterprises around the world should now consider the effect of using low assurance SSL certificates. Can you afford to do business with a site that utilizes a low assurance certificate? Will other companies want to do business with you if you use a low assurance certificate? The potential loss in revenue alone would be devastating, as consumers and business partners exercise the power of choice and move to more trusted providers. The legal liability questions of non-compliance with recent privacy and security legislation such as HIPAA, which specifically addresses the need for entity authentication, are potentially far worse with many service providers possibly unaware of the problem.
"Governments build technology into our currency to allow us to verify the money we have in our wallet is real", says Melih Abdulhayoglu, CEO of Comodo, "Yet the internet has been allowed to evolve missing out vital identity checks that allow us to verify what we see or indeed verify who we are talking to. Comodo offers solutions to both these critical issues. High Assurance SSL certificates and Content Verification Certificate".
Consumers moving to Opera 8 will benefit from automatically being able to differentiate assurance levels through the improved user interface. Consumers using Internet Explorer are advised to install Verification Engine, a browser enhancement tool offering SSLVerify™, which provides a simple and effective check of the entity behind the SSL certificate via a mouse-over action on the golden padlock. Users of Firefox and Mozilla are advised to install TrustBar.
Comodo is a leading global provider of Risk Alignment™ Services and Business Infrastructure Solutions differentiated by security and total cost of ownership. Comodo's web hosting automation and infrastructure solutions offer enterprise class digital e-commerce products and services. Leveraging from a broad range of security-centric solutions allows customers' telecommunications networks to become more intelligent, reliable, and secure. Maintaining an intense focus on customers who derive strategic value from their business infrastructures has paved the way for a diverse yet perfectly synergistic portfolio of security focused solutions and services. Comodo is the main driving force behind Establishing Trust™ initiatives for e-Business, curbing Phishing attacks and creating an Identity Assurance and Brand Protection framework.
Expertise with the life cycle management of Digital Certificates and the creation of issuance tools enables Comodo to provide infinitely scalable security deployment to individuals and enterprises alike. Comodo is the world's second largest and fastest growing High Assurance Certification Authority.
Comodo can be reached on +1.888.266.6361 or +1.703.581.6361.
Netcraft is an Internet services company based in Bath, England. It has explored the Internet since 1995 and is a respected authority on the market share of web servers, operating systems, hosting providers, ISPs, encrypted transactions, electronic commerce, scripting languages and content technologies on the internet. For additional information, visit netcraft.com