|
What is the point of encryption if you don't know who for?
Dr. Colin D. Walter clarifies the need for authentication when performing encryption.
New York, 25th May 2005. Dr. Walter, Head of Cryptography for Comodo Inc. and chair of the Trusted Computing Group (TCG) Peripheral Working Group, has clarified the relationship between encryption and authentication. The blurred definition to date has split the Certificate Authority industry into two groups. Authorities such as Comodo and VeriSign compete head to head, to deliver high assurance digital certificates whilst other groups concentrate on the low assurance market.
Dr. Walter's white paper clarifies that domain only validation without entity authentication is literally "worthless" as a method of securing online transactions. In the paper 'What is the point of encryption if you don't know who for', Dr. Walter discusses the need for the encrypted transmission of confidential information and the technology unpinning it before highlighting the ruinous implications of the emergence of low assurance digital certificates for the future of e-commerce. "An SSL encrypted session between web browser and the web server provides a secure tunnel, but by default does not provide assurance in the identity of the end entity. Whilst a few high assurance providers continue to offer high assurance validation processes, many more low assurance providers are entering the market offering high speed, low value automated validation procedures. These low assurance products are not appropriate for encryption and do not provide either reliable privacy or trust. Enterprises have a responsibility to ensure that the use of high assurance SSL certificates provides customers with the identity assurance and confidence to make safe, secure on-line transactions."
Dr. Walter argues that the trust relationship between customers and merchants must be successfully transferred into the Internet age using the high assurance model of both domain and entity authentication. In failing to do this the future of a 'multitude of e-commerce ecosystems' is jeopardized and left at the continued mercy of online fraudsters. "Providers of low assurance SSL certificates do not perform all the necessary checks, choosing instead to offer a reduced cost, rapid fulfillment model. This is in direct conflict to accepted industry practice and serves as a source of distrust, confusion and fear for internet users."
Dr. Colin Walter is the Head of Cryptography at Comodo Inc., Chairman of Peripherals Working Group - Trusted Computing Group and Co-chair - Cryptographic Hardware and Embedded Systems.
http://www.securitydocs.com/library/3301
http://www.instantssl.com/ssl-certificate-products/encryption.html
About Comodo
Comodo is a leading global provider of Risk Alignment Services and Business Infrastructure Solutions differentiated by security and total cost of ownership. Comodo's web hosting automation and infrastructure solutions offer enterprise class digital e-commerce products and services. Leveraging from a broad range of security-centric solutions allows customers' telecommunications networks to become more intelligent, reliable, and secure. Maintaining an intense focus on customers who derive strategic value from their business infrastructures has paved the way for a diverse yet perfectly synergistic portfolio of security focused solutions and services. Comodo is the main driving force behind Establishing Trust initiatives for e-Business, curbing Phishing attacks and creating an Identity Assurance and Brand Protection framework.
Expertise with the life cycle management of Digital Certificates and creation of issuance tools enables Comodo to provide infinitely scaleable security deployment to individuals and enterprises alike. Comodo is the world's second largest and fastest growing High Assurance Certification Authority.
www.comodo.com | www.enterprisessl.com | www.trustfax.com | www.trustix.com
Comodo can be reached on (US) +1 800 772 5185 (Europe) +44 (0) 161 874 7070
|
Company: Comodo
| Related press releases |
SSLGenie offers 256 bit encryption, a perfect solution to your security needs. [2007-11-06 12:40:33]
SSLGenie is the standard security technology for creating an encrypted link between a web server and a web browser. The link ensures that all data passed between the web server and browser remains pri...
|
|
Encryptafile 1.4 is now available [2008-01-15 01:56:21]
New features include:
Availability for export to other countries
Encryption of text or string data that one can use to encrypt email or other standard text data
Decryption of text
Right-click Wind...
|
|
SMCs New EliteConnect 802.11b/g Wireless Access Point Brings Secure, High-Perfo... [2004-09-11 00:00:00]
EliteConnect 2.4GHz 802.11g Wireless Access Point makes Enterprise Computing mobile
IRVINE, CA February 14, 2004-SMC Networks (www.smc.com), leading provider of networking solutions for the SMB/e, t...
|
|
Version 2.2 of Allatori Java Obfuscator is released. [2008-07-10 16:12:41]
Allatori Java Obfuscator belongs to the second generation obfuscators' family and has all spectrum of opportunities on protection of your intellectual property. In the Allatori arsenal there are the f...
|
|
iPig Secures Any Public WiFi Hotspot Connection [2005-09-20 00:00:00]
iPig Secures Any Public WiFi Hotspot Connection
iOpus Software has released iPig V1.0 Beta (Freeware), the new and unique tool for secure connections at any public hotspot or network:
Do you connect...
|
|
CryptoStorage for Pocket PC v.1.5.1 has been released! [2005-09-02 00:00:00]
CryptoStorage for Pocket PC
Cryptographic storages for your private files.
CryptoStorage is a reliable and easy-to-use system for encrypting private data on your Pocket PC
and controlling access to it...
|
|
The new Program from Valeri Vlassov is released: VIGps 1.0 (GPS Navigator with u... [2005-12-24 00:00:00]
GPS Navigator with using a scanned maps and possibility to open a lot of maps together.
- you can show a current GPS data (Speed, Direction, Longitude, Latitude, Time, Date, Height);
- you can open ...
|
|
What is the point of encryption if you don't know who for? [2005-05-26 00:00:00]
Dr. Colin D. Walter clarifies the need for authentication when performing encryption.
New York, 25th May 2005. Dr. Walter, Head of Cryptography for Comodo Inc. and chair of the Trusted Computing Gro...
|
|
P-Encryption Suite 3.0: Maximum Protection for Your Documents [2005-09-21 00:00:00]
P-Encryption Suite 3.0: Maximum Protection for Your Documents
The Popular Encryption Software Provides a Totally Secure Environment to Store and Modify Encrypted Documents without Leaving Traces Behi...
|
|
Are Your Data safe? SecuKEEPER secure your data with all-in-one encryption. [2005-08-18 00:00:00]
I have released a new password-protection software-SecuKEEPER, It is a good and cheap File Encryption Software! Only US$29.99! Today you do not go spending hundreds of dollars on encryption software. ...
|
|
|
|
| AntiDebugLIB V2.2 Ultimate Version |
 AntiDebug LIB V2.2 is an advanced software encryption tool for windows ,which can help software developers protect their applications against advanced reverse engineering and software cracking. |
|
| Arovax TraySafe Password Manager Personal |
 TraySafe password manager allows you to forget passwords! It will save and protect them for you: encryption and hashing algorithms, autoinsert and autofill, hardware ID, USB drive support.
You can forget passwords and you will not lose them! |
|
| Ez4file (Personal Edition) |
 The Ez4file allows you to access and manage files woldwide using a Web broswer. It features with Virtual Directory, password encryption, 100+ MB file upload, bulk file/folder copy/paste/delete, clipboard view/clear. It is an alternative to FTP. |
|
| PowerZip |
 PowerZip makes zipping / unzipping quick & simple while providing advanced compression & security features:
- Easy to use Wizards
- Strong encryption (256-bit AES)
- Supports 12 types of archives
- Create PowerZip Macro files to automate backup |
|
| Titan Backup |
 The ultimate backup solution - Secure, Automated, Easy-to-use backups of your important files and documents, emails and rules, registry, settings.Features 256-bit AES encryption to ensure full security of your confidential data. |
|
| SecuKEEPER |
 Are your data safe?SecuKEEPER is an ALL-IN-ONE file encryption software design to secure your files and folders from prying eyes, which designing four protection method(hide/rapidly lock/encrypt/private coffer). Furthermore offer Password Manager. |
|
| Super Flexible File Synchronizer |
 Easy but powerful backup and synchronization of laptops, PCs, servers, and backup storage. Multiple profiles, FTP (with SSL), SSH, WebDAV, Amazon S3, http, partial file updating, ZIP and encryption support, as well as a scheduler & Real Time Sync. |
|
|
Latest press releases
