High Assurance / Enhanced Validation
Name of Presenter: Kevin Brown
Date: August 5th
Confidential.
How Safe Is The Internet?
• SSL Phishing Attack targets Mountain America Credit Union
• 450 SSL Phishing Attacks were reported in 2005
• 18,480 Phishing incidents were reported in March 2006 alone.
SOURCE: Washington Post, Anti-Phishing Workgroup, January 2006
Where is the Trustworthiness on the Internet?
• The Certificate Practice Statement (CPS) from one Certificate Authority (CA) to another can differ
• A CA can issue a certificate as long as they follow the policies in their CPS
• There is no industry standard amongst CAs
• No means for online users to identify the type of SSL Cert issued
Where to from here?
thawte is involved with the CA Browser Forum, comprised of:
– American Bar Association – Information Security Committee
– Browser manufacturers
– Certificate Authorities
The purpose of which is to define industry standard online identity assurance processes.
What is High Assurance (HA)?
– Delivering an industry standard for Identity Assurance
– Modifying existing online identity assurance processes
– Improved browser representation of online identities
How is HA different from the current Verification and Authentication process for High Auth certs?
• The process is intended to be more comprehensive and standardized across the entire industry.
• The new standards/processes will have to be adhered to by all CAs who wish to offer HA Certs.
• This will encourage greater confidence in CAs and in the processes that are used to vet and issue digital certificates.
High Assurance is a Driver for SSL Growth
High Assurance
– Green URL shows up for high assurance certs
– Name of Organization that cert is issued to
– CA that performed the “high assurance” authentication
Low Assurance / Domain Validated
– No Green URL
– No Organization name or CA included in UI
High Assurance Certificates will increase brand preference and drive increased SSL adoption
Current beta version subject to change
Other browsers have already made usability enhancements (Opera, Netscape and Firefox)
it’s a trust thing
• As the CA of choice for hundreds of thousands we enable trust on the Internet
• An industry standard for SSL certificates will:
– enable companies to earn the trust of their users and customers
– instill confidence in people
– enable a trustworthy Internet
• HA will give credence to what we do