What is the point of encryption if you don't know who for?
May 30, 2005 (PRLEAP.COM) Technology News
New York. Dr. Walter, Head of Cryptography for Comodo Inc. and chair of the Trusted Computing Group (TCG) Peripheral Working Group, has clarified the relationship between encryption and authentication. The blurred definition to date has split the Certificate Authority industry into two groups. Authorities such as Comodo and VeriSign compete head to head, to deliver high assurance digital certificates whilst other groups concentrate on the low assurance market. Dr. Walter's white paper clarifies that domain only validation without entity authentication is literally "worthless" as a method of securing online transactions. In the paper 'What is the point of encryption if you don't know who for', Dr. Walter discusses the need for the encrypted transmission of confidential information and the technology unpinning it before highlighting the ruinous implications of the emergence of low assurance digital certificates for the future of e-commerce. "An SSL encrypted session between web browser and the web server provides a secure tunnel, but by default does not provide assurance in the identity of the end entity. Whilst a few high assurance providers continue to offer high assurance validation processes, many more low assurance providers are entering the market offering high speed, low value automated validation procedures. These low assurance products are not appropriate for encryption and do not provide either reliable privacy or trust. Enterprises have a responsibility to ensure that the use of high assurance SSL certificates provides customers with the identity assurance and confidence to make safe, secure on-line transactions."
Dr. Walter argues that the trust relationship between customers and merchants must be successfully transferred into the Internet age using the high assurance model of both domain and entity authentication. In failing to do this the future of a 'multitude of e-commerce ecosystems' is jeopardized and left at the continued mercy of online fraudsters. "Providers of low assurance SSL certificates do not perform all the necessary checks, choosing instead to offer a reduced cost, rapid fulfillment model. This is in direct conflict to accepted industry practice and serves as a source of distrust, confusion and fear for internet users."
Dr. Colin Walter is the Head of Cryptography at Comodo Inc., Chairman of Peripherals Working Group - Trusted Computing Group and Co-chair - Cryptographic Hardware and Embedded Systems.
http://www.securitydocs.com/library/3301
http://www.instantssl.com/ssl-certificate-products/encryption.html
About Comodo
Comodo is a leading global provider of Risk Alignment™ Services and Business Infrastructure Solutions differentiated by security and total cost of ownership. Comodo's web hosting automation and infrastructure solutions offer enterprise class digital e-commerce products and services. Leveraging from a broad range of security-centric solutions allows customers' telecommunications networks to become more intelligent, reliable, and secure. Maintaining an intense focus on customers who derive strategic value from their business infrastructures has paved the way for a diverse yet perfectly synergistic portfolio of security focused solutions and services. Comodo is the main driving force behind Establishing Trust™ initiatives for e-Business, curbing Phishing attacks and creating an Identity Assurance and Brand Protection framework.
Expertise with the life cycle management of Digital Certificates and creation of issuance tools enables Comodo to provide infinitely scaleable security deployment to individuals and enterprises alike. Comodo is the world's second largest and fastest growing High Assurance Certification Authority.
www.comodo.com | www.enterprisessl.com | www.trustfax.com | www.trustix.com
Comodo can be reached on (US) +1 800 772 5185 (Europe) +44 (0) 161 874 7070
http://www.comodogroup.com/news/press_releases/25_05_05.html