News

The latest news from Comodo

SSL Provider Comodo Online Status Protocol Means Flexibility

Jersey City, NJ, January 15, 2009 - A manager gives a key to an employee so the employee can drive a locked truck. The manager controls use of the key and the equipment; if the employee leaves the company, or if the employee dies, the manager is responsible to get the key back or change the locks.

But when the employee is instead driving a truckload of information down the information superhighway, handing out and retrieving the key can be more complicated.

Businesses protect their digital information in transit using Public Key Infrastructure.

Public Key Infrastructure is based on the idea of two "keys" for each server or mailbox. The first key is public, available for wide distribution, and for example this key might be included in every email you send. The second is "private." The private key is kept secret. You never show this private key to anyone, but you use to sign or encrypt information.

Digital certificates are small electronic documents which are the best way to share your public key. They are nearly impossible to usefully forge because they are signed (think "certified") by a Trusted 3rd party such as Comodo.

With the encryption facilitated by SSL or by encrypted email the employee can send or receive information securely. Even from a wireless-enabled laptop at a truck stop.

The manager's problem crops up again if the employee suddenly leaves the company. With a certificate using the employee's private key, an employee who is no longer entitled to it can still access privileged information.

Certificate authorities have addressed this problem by regularly issuing "Certificate Revocation Lists" or CRLs. When the employee's certificate is rendered invalid, the certificate authorities add it to their lists, nullifying communications that attempt to use the certificate.

A sleeker and more secure method of nullifying the certificates is the Online Certificate Status Protocol or OCSP. This protocol allows computers to check the status of certificates in real time. The computers access servers that respond to requests for status checks; the servers are called OCSP Responders.

Comodo, the second-largest issuer of high assurance digital certificates, offers OCSP as a standard feature. Its OCSP responder has been developed in-house, designed to be stable, fast and scalable.

Unlike other Certificate Authorities and OCSP Responders, Comodo's response is not based on the CRL. Unlike most other Certificate Authorities, Comodo is able to sign each OCSP Response using the same Certificate Authority that signed each certificate. This reduces by 75% the amount of data that the OCSP Responder needs to return to the customer.

Specifically, since Comodo's OCSP Response does not depend on the CRL, it can accurately identify a questioned certificate as "good," "revoked," or "unknown." OCSP responders checking only the CRL can only respond "revoked," for certificates already on the CRL, or "unknown" for all other certificates.

Most importantly, whenever a new certificate is issued, or an old one is revoked, Comodo's OCSP Responder receives and acts upon the information within a few minutes. CRL-based OCSP Responders only find out about the certificate status changes as many as 24 hours later when the next CRL is published.

For more information, visit Comodo.com .

About Comodo

The Comodo companies provide the infrastructure that is essential in enabling e-merchants, other Internet-connected companies, software companies, and individual consumers to interact and conduct business via the Internet safely and securely. The Comodo companies offer PKI SSL , Code Signing , Content Verification and Email Certificate ; award winning PC Security software; Vulnerability Scanning services for PCI Compliance ; secure e-mail and fax services.

Continual innovation, a core competence in PKI, and a commitment to reversing the growth of Internet-crime distinguish the Comodo companies as vital players in the Internet's ongoing development. Comodo secures and authenticates online transactions and communications for over 200,000 business customers and has over 10,000,000 installations of desktop security products.

For additional information on Comodo - Creating Trust Online® visit our website .

For more information, reporters and analysts may contact:
Katharine Hadow
Comodo--Creating Trust Online
+1 (201) 963 0004 x4073
Email: media-relations@comodo.com