{"id":1214,"date":"2017-06-01T10:23:17","date_gmt":"2017-06-01T14:23:17","guid":{"rendered":"http:\/\/hotsoft.carleton.ca\/hotsoft\/?page_id=1214"},"modified":"2017-07-25T13:19:14","modified_gmt":"2017-07-25T17:19:14","slug":"web-certificates","status":"publish","type":"page","link":"https:\/\/hotsoft.carleton.ca\/hotsoft\/projects\/web-certificates\/","title":{"rendered":"Web Certificates"},"content":{"rendered":"<p>Much of life is now online, so online security is critical. While many aspects of security are infrastructural, users must still make key decisions. In particular, users must decide which websites to trust and which to avoid. How can users know if a website is truly what it claims to be? This is a pivotal issue.<\/p>\n<p>When attackers can convince users to trust their sites, through phishing or other strategies, credentials are captured, user security and privacy are easily compromised, malware is downloaded, and infrastructure is undermined. The introduction of the secure sockets layer (SSL) in 1995 was an important advance, using asymmetric cryptography to support both in-transit encryption and assurance of identity using X.509 certificates. Web servers and browsers can implement the encryption and decryption, and browsers can convey the identity information to users via the browser chrome interface. The technical aspects of SSL, however, provide only technical confirmation of identity, that being necessary to enable successful encryption. For example, \u201cSelf-Signed Certificates\u201d can be used, and they offer no assurance of identity to end-users.<\/p>\n<p>To support users in assessing real-world identity, some external confirmation is necessary, and this is the role of Certificate Authorities (CAs). Even this confirmation can be limited, however, and \u201cDomain-Validated\u201d certificates typically only confirm that requestors do control the domain. 
This offers only limited assurance, and is typically obtained quickly by requestors. More confirmation of identity, and thus assurance to users, is provided by \u201cOrganization-Validated\u201d certificates, where CAs do verify the identity of the organization making the request. And more recently, \u201cExtended Validation\u201d certificates have become available, where the confirmation of identity is more comprehensive, thus offering more assurance to users of the real identity of websites.<\/p>\n<p>No Cert:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-large wp-image-1245 aligncenter\" src=\"https:\/\/hotsoft.carleton.ca\/hotsoft\/wp-content\/uploads\/2017\/06\/NOcert.png\" alt=\"\" width=\"130\" height=\"29\" \/><\/p>\n<p>DV Cert:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1243 aligncenter\" src=\"https:\/\/hotsoft.carleton.ca\/hotsoft\/wp-content\/uploads\/2017\/06\/DVcert.png\" alt=\"\" width=\"337\" height=\"34\" srcset=\"https:\/\/hotsoft.carleton.ca\/hotsoft\/wp-content\/uploads\/2017\/06\/DVcert.png 337w, https:\/\/hotsoft.carleton.ca\/hotsoft\/wp-content\/uploads\/2017\/06\/DVcert-300x30.png 300w\" sizes=\"auto, (max-width: 337px) 100vw, 337px\" \/><\/p>\n<p>EV Cert:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-large wp-image-1244 aligncenter\" src=\"https:\/\/hotsoft.carleton.ca\/hotsoft\/wp-content\/uploads\/2017\/06\/EVcert.png\" alt=\"\" width=\"424\" height=\"29\" srcset=\"https:\/\/hotsoft.carleton.ca\/hotsoft\/wp-content\/uploads\/2017\/06\/EVcert.png 424w, https:\/\/hotsoft.carleton.ca\/hotsoft\/wp-content\/uploads\/2017\/06\/EVcert-300x21.png 300w\" sizes=\"auto, (max-width: 424px) 100vw, 424px\" \/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Much of life is now online, so online security is critical. While many aspects of security are infrastructural, users must still make key decisions. 
In particular, users must decide which websites to trust and which to avoid. How can users know if a website is truly what it claims to be? This is a pivotal issue. [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":9,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-1214","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/hotsoft.carleton.ca\/hotsoft\/wp-json\/wp\/v2\/pages\/1214","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hotsoft.carleton.ca\/hotsoft\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/hotsoft.carleton.ca\/hotsoft\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/hotsoft.carleton.ca\/hotsoft\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hotsoft.carleton.ca\/hotsoft\/wp-json\/wp\/v2\/comments?post=1214"}],"version-history":[{"count":7,"href":"https:\/\/hotsoft.carleton.ca\/hotsoft\/wp-json\/wp\/v2\/pages\/1214\/revisions"}],"predecessor-version":[{"id":1247,"href":"https:\/\/hotsoft.carleton.ca\/hotsoft\/wp-json\/wp\/v2\/pages\/1214\/revisions\/1247"}],"up":[{"embeddable":true,"href":"https:\/\/hotsoft.carleton.ca\/hotsoft\/wp-json\/wp\/v2\/pages\/9"}],"wp:attachment":[{"href":"https:\/\/hotsoft.carleton.ca\/hotsoft\/wp-json\/wp\/v2\/media?parent=1214"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}