Chapter 7. Certification Authorities and Server Certificates
In the previous chapter, we looked at the theoretical and legal benefits and problems of digital identification techniques, and the ongoing efforts to create a public key infrastructure. In this chapter, we’ll look at a variety of certificates available today.
Certificates Today
Digital certificates give people, organizations, and businesses on the Internet simple ways to verify each other’s identity. For consumers, some of the advantages of certificates include:
A simple way to verify the authenticity of an organization before providing that organization with confidential information.
The knowledge that, if worse comes to worst, consumers can obtain the organization’s physical address and legally registered name, so as to pursue legal action against the company.
For businesses, the advantages include:
A simple way to verify an individual’s email address without having to verify it by sending a piece of email. This cuts the transaction time, lowering cost. It can also prevent the abuse of email—for example, if an organization only allows people to sign up for a mailing list by presenting a digital ID, it isn’t possible for an attacker to maliciously subscribe people to that mailing list without their permission.
A simple, widely used way for verifying an individual’s identity without using usernames and passwords, which are easily forgotten and shared between users.
Instead of trying to manage large lists of users and passwords, ...
Get Web Security and Commerce now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
