Since much of our discussions in class involve online security, identity protection online, authentication and secure sites, certificates, I thought these two articles were not only interesting, but relevant.
One of the articles talks about how SSL is due for updates since it came about it the 1990’s. Over the years, the availability of SSL certificates has increased as certificates have dropped in price. In spite of that improved accessibility, even the smallest of sites saw a dip in the reliability of certificates released. The American Bar Association (ABA) Information Security Committee and a key group of SSL certification and web browser players are looking at a new level of SSL certificates with better standards for site identity verification. By working concurrently with developers of browsers, such as Internet Explorer, Firefox and Opera, the goal is to create interfaces that make a site's trustworthiness more visible based on the status of its SSL certificate. The padlock icon will continue to be used for all pages retrieved using SSL/TLS connections, no matter the type of certificate presented, Wilson said. But in the future, browsers will likely change the color of the address task pane, depending on the level of the certificate, with green likely to signify the most trustworthy sites. In addition, some browser developers are considering continuing this color-coded scheme by alerting users to suspicious addresses by lighting the pane yellow or red. The implementation of this standard is very far way, but at least it’s a start for making it easier for users to recognize the suspicious sites and not fall into the trap.
The other article talks about how Verisign, Inc launched a new online identify protection program that includes a new identity authentication network and converted Yahoo, Inc and eBay, Inc to the new program. This will allow financial institutions and e-commerce sites to implement a stronger authentication with a shared infrastructure. The VIP suite also includes a fraud detection program because of its concern for the online fraud and as the Executive VP and general manager of Verisign Security Services stated: “A fresh approach is needed”.
Both these articles touch upon a concern that has become more and more apparent in today’s society, especially with all the e-commerce, online shopping and banking that people are involved it. This increase requires and stronger authentication process and as we saw, security service companies are aware and are in the process of reacting to this concern.
Reference:
From RSA 2006: The color of trustworthy sites
VeriSign signs up eBay, Yahoo to identity program