What is the point of SSL Encryption if you don’t know who for?
Dr. Colin D. Walter clarifies the need for authentication when performing encryption.
New York, 25th May 2005. Dr. Walter, Head of Cryptography for Comodo Inc. and chair of the Trusted Computing Group (TCG) Peripheral Working Group, has clarified the relationship between encryption and authentication. The blurred definition to date has split the Certificate Authority industry into two groups. Authorities such as Comodo and VeriSign compete head to head to deliver high assurance digital certificates, whilst other groups concentrate on the low assurance market.
Dr. Walter's white paper clarifies that domain-only validation without entity authentication is literally "worthless" as a method of securing online transactions. In the paper 'What is the point of encryption if you don't know who for', Dr. Walter discusses the need for the encrypted transmission of confidential information and the technology underpinning it, before highlighting the ruinous implications of the emergence of low assurance digital certificates for the future of e-commerce. "An SSL encrypted session between web browser and the web server provides a secure tunnel, but by default does not provide assurance in the identity of the end entity. Whilst a few high assurance providers continue to offer high assurance validation processes, many more low assurance providers are entering the market offering high speed, low value automated validation procedures. These low assurance products are not appropriate for encryption and do not provide either reliable privacy or trust. Enterprises have a responsibility to ensure that the use of high assurance SSL certificates provides customers with the identity assurance and confidence to make safe, secure on-line transactions."
Dr. Walter argues that the trust relationship between customers and merchants must be successfully transferred into the Internet age using the high assurance model of both domain and entity authentication. In failing to do this, the future of a 'multitude of e-commerce ecosystems' is jeopardized and left at the continued mercy of online fraudsters. "Providers of low assurance SSL certificates do not perform all the necessary checks, choosing instead to offer a reduced cost, rapid fulfillment model. This is in direct conflict to accepted industry practice and serves as a source of distrust, confusion and fear for internet users."
Dr. Colin Walter is the Head of Cryptography at Comodo Inc., Chairman of Peripherals Working Group – Trusted Computing Group and Co-chair – Cryptographic Hardware and Embedded Systems.
The Comodo companies provide the infrastructure that is essential in enabling e-merchants, other Internet-connected companies, software companies, and individual consumers to interact and conduct business via the Internet safely and securely. The Comodo companies offer PKI SSL, Code Signing, Content Verification and Email Certificate; award-winning PC Security software; Vulnerability Scanning services for PCI Compliance; secure e-mail and fax services.
Continual innovation, a core competence in PKI, and a commitment to reversing the growth of Internet-crime distinguish the Comodo companies as vital players in the Internet's ongoing development. Comodo secures and authenticates online transactions and communications for over 200,000 business customers and 3,000,000 users of our desktop security products.
For additional information on Comodo – Creating Trust Online® visit Comodo.com
For more information, reporters and analysts may contact:
Office: +1 (888) 266-6361