Certificates and Web Site Security
The most common use of certificates is for HTTPS-based web sites. A web browser validates that a TLS (Transport Layer Security) web server is authentic, so that the user can feel secure that his/her interaction with the web site has no eavesdroppers and that the web site is who it claims to be. This security is important for electronic commerce. In practice, a web site operator obtains a certificate by applying to a certificate provider (a CA that presents as a commercial retailer of certificates) with a certificate signing request. The certificate request is an electronic document that contains the web site name, contact email address, and company information. The certificate provider signs the request, thus producing a public certificate. During web browsing, this public certificate is served to any web browser that connects to the web site and proves to the web browser that the provider believes it has issued a certificate to the owner of the web site.
Before issuing a certificate, the certificate provider will request the contact email address for the web site from a public domain name registrar, and check that published address against the email address supplied in the certificate request. Therefore, an https web site is only secure to the extent that the end user can be sure that the web site is operated by someone in contact with the person who registered the domain name.
As an example, when a user connects to https://www.example.com/ with his browser, if the browser gives no certificate warning message, then the user can be theoretically sure that interacting with https://www.example.com/ is equivalent to interacting with the entity in contact with the email address listed in the public registrar under "example.com", even though that email address may not be displayed anywhere on the web site. No other surety of any kind is implied. Further, the relationship between the purchaser of the certificate, the operator of the web site, and the generator of the web site content may be tenuous and is not guaranteed. At best, the certificate guarantees uniqueness of the web site, provided that the web site itself has not been compromised (hacked) or the certificate issuing process subverted.
Read more about this topic: Public Key Certificate
Famous quotes containing the words web, site and/or security:
“Being so wrong about her makes me wonder now how often I am utterly wrong about myself. And how wrong she might have been about her mother, how wrong he might have been about his father, how much of family life is a vast web of misunderstandings, a tinted and touched-up family portrait, an accurate representation of fact that leaves out only the essential truth.”
—Anna Quindlen (b. 1952)
“I am not aware that any man has ever built on the spot which I occupy. Deliver me from a city built on the site of a more ancient city, whose materials are ruins, whose gardens cemeteries. The soil is blanched and accursed there, and before that becomes necessary the earth itself will be destroyed.”
—Henry David Thoreau (1817–1862)
“Learned institutions ought to be favorite objects with every free people. They throw light over the public mind which is the best security against crafty and dangerous encroachments on the public liberty.”
—James Madison (1751–1836)