IDN and SSL certificates



Similar documents
CREATING, SIGNING, CHAINING, AND

Beginner s Guide to SSL Certificates

BEGINNERS GUIDE BEGINNERS GUIDE TO SSL CERTIFICATES: MAKING THE BEST CHOICE WHEN CONSIDERING YOUR ONLINE SECURITY OPTIONS

What is an SSL Certificate?

QualitySSL by BitEngines Nellikevaenget Vallensbaek Denmark. WWW:

Affordable & Reliable Site Security Solution From SSLIndia.co.in

beginners guide Beginners Guide Certificates the best decision when considering your online security options.

Building Customer Confidence through SSL Certificates and SuperCerts

QualitySSL by BitEngines Nellikevaenget Vallensbaek Denmark. WWW:

Client Authenticated SSL Server Setup Guide for Microsoft Windows IIS

Tel: Tel: +44 (0) Comodo Group.

Certify your Software Integrity with thawte Code Signing Certificates

IBM Security QRadar Version (MR1) Replacing the SSL Certificate Technical Note

The Proposal for Internationalizing cctld Names

Web Security: Encryption & Authentication

Securing Your Apache Web Server With a Thawte Digital Certificate

BEGINNER S GUIDE TO SSL CERTIFICATES: Making the best choice when considering your online security options

Securing your Microsoft Internet Information Services (MS IIS) Web Server with a thawte Digital Certificate thawte thawte thawte thawte thawte 10.

Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University

Why strong Validation processes for SSL are essential for the preservation of trust in the Internet economy

Basics of SSL Certification

WebLogic Server 6.1: How to configure SSL for PeopleSoft Application

Securing your Online Data Transfer with SSL

Secure transaction guidelines for external users with Commission personnel.

Certificates, Revocation and the new gtld's Oh My!

Customer Tips. Xerox Network Scanning HTTP/HTTPS Configuration using Microsoft IIS. for the user. Purpose. Background

Authentication Guide

Internationalization of the Domain Name System: The Next Big Step in a Multilingual Internet


SSL. Ensure trust with our premium service

Chapter 7 Managing Users, Authentication, and Certificates

Using CertAgent to Obtain Domain Controller and Smart Card Logon Certificates for Active Directory Authentication

Understanding SSL for Apps

Māori Language Domain Names

Internationalized Domain Names -

HP LaserJet Pro Devices Installing 2048 bit SSL certificates

Arcot Systems, Inc. Securing Digital Identities. FPKI-TWG Mobility Solutions Today s Speaker Tom Wu Principal Software Engineer

SSL Certificates 101

Thawte SSL Certificate Enrollment Guide

Licensing VeriSign Certificates

Support Advisory: ArubaOS Default Certificate Expiration

Wildcard and SAN: Understanding Multi-Use SSL Certificates

Extended SSL Certificates

NeoMail Guide. Neotel (Pty) Ltd

White Paper. Enhancing Website Security with Algorithm Agility

Internationalised Domain Names (IDNs) necessary or waste of money? IP and the Internet_ a KOLSTER Seminar_ Helsinki 31 May 2012.

Start the HTTP Administration Server. Sign On to the Administration Server

Secure Socket Layer (SSL) Machines included: Contents 1: Basic Overview

<.bloomberg> gtld Registration Policies

Secure IIS Web Server with SSL

ASA 8.x Manually Install 3rd Party Vendor Certificates for use with WebVPN Configuration Example

Industry Leading Encryption Balanced Offerings from domain validated to secure EV certificates Mobile Device Capability Full Service and Support

Using Remote Web Workplace Version 1.01

SSL Guide. (Secure Socket Layer)

Netrust SSL Web Server Certificate New Application Enrolment Guide

(n)code Solutions CA A DIVISION OF GUJARAT NARMADA VALLEY FERTILIZERS COMPANY LIMITED P ROCEDURE F OR D OWNLOADING

Personal Secure Certificate


Websense Content Gateway HTTPS Configuration

How to check if I care for the safety of my Clients?

SSL. Ensure trust with our premium service

Gain a New Level of Trust with Extended Validation SSL Certificates

SolarWinds Technical Reference

General tips for increasing the security of using First Investment Bank's internet banking

Layered security in authentication. An effective defense against Phishing and Pharming

Securing Microsoft Exchange 2010 WITH THAWTE SSL CERTIFICATES

Extended Validation SSL

The future of International SEO. The future of Search Engine Optimization (SEO) for International Business

Faking Extended Validation SSL Certificates in Internet Explorer 7

ADSelfService Plus: Guide to Install SSL Certificate. 1 P a g e

Colonisation of the Internet: Māori Comparative Literature Review.

Realize Greater Profits As An Authorized Reseller Of Network Solutions nsprotect Secure SSL Certificates

Comodo US 3401 E. McDowell Rd, Suite B, Phoenix AZ Tel: (877) COMODO-5 Fax: (720)

IIS 6.0SSL Certificate Deployment Guide

Windows Mobile SSL Certificates

Order of introduction of «.ҚАЗ» domain name

The Benefits of the thawte ISP Program

Overview of CSS SSL. SSL Cryptography Overview CHAPTER

By default, STRM provides an untrusted SSL certificate. You can replace the untrusted SSL certificate with a self-signed or trusted certificate.

Comodo 2048 bit SSL Certificates. Security for your online business now and long into the future

Ciphermail S/MIME Setup Guide

VeriSign Code Signing Digital Certificates for Adobe AIR Technology

Personal Secure Certificate

Certificate technology on Pulse Secure Access

How To Install A Citrix Netscaler On A Pc Or Mac Or Ipad (For A Web Browser) With A Certificate Certificate (For An Ipad) On A Netscaler (For Windows) With An Ipro (For

WS_FTP Pro. Addendum to User s Guide. Software Version 6.6. Ipswitch, Inc.

Certificate technology on Junos Pulse Secure Access

E-Commerce: Designing And Creating An Online Store

WHITE PAPER AUGUST Preventing Security Breaches by Eliminating the Need to Transmit and Store Passwords

Portal Administration. Administrator Guide

Internationalization of Domain Names

WHITE PAPER. Licensing VeriSign Certificates: Securing Multiple Web Server and Domain Configurations

Draft WGIG Issue Paper on the Multilingualization of

Internationalizing the Domain Name System. Šimon Hochla, Anisa Azis, Fara Nabilla

Using a custom certificate for SSL inspection

10972B: Administering the Web Server (IIS) Role of Windows Server

ADFS Integration Guidelines

ENROLLMENT GUIDE EASY GUIDE TO THE VERISIGN ENROLLMENT PROCESS IT'S QUICK AND EASY

Wavecrest Certificate

Installation Procedure SSL Certificates in IIS 7

Transcription:

IDN and SSL certificates ICANN Cape Town, December 2004 Valentin Németh, senior engineer, Thawte Consulting

Who we are Thawte Consulting (Pty) Ltd., based in Cape Town, South Africa; the second largest Certificate Authority (CA) world-wide; started operating in 1995 and issued its first SSL certificate issued : 12 June 1996; the first Certificate Authority to issue a digital certificate outside of the U.S.; have issued over 480,000 SSL and Code Signing certificates and over 747,000 Personal Certificates in 172 countries; employ over 100 staff; support 28 languages; dedicated to the open source community; the company was acquired by VeriSign Inc. in 1999, but runs as a separate entity; a unique company. No one matches the precise mix of values, skills and assets we bring to our customers. Importantly, our commitment to the egalitarian ethos of the Internet and our focus on extending a trusted relationship on the Internet to anyone, anywhere mean that there is no other company quite like us.

IDN and Internet trust Current Internet trust model: CA verifies that a domain name belongs to a given company and issues digital certificate. User visits company web site, browser downloads certificate. The browser matches domain name embedded in the certificate with the domain name of the download path. If they match and the certificate signature verifies, browser displays closed padlock. User typically continues with transaction. If domain names do not match or certificate signature does not verify, browser displays warning. User typically aborts transaction

IDN and Internet trust What is the problem with trust in IDNs? The domain name as the user knows it in its native language form and the domain name that actually works are different! Native language form www.szépjónapot.hu www.grützi.ch www. 欢 迎.cn www. здраствуйте.ru Punycode encoded form www.xn--szpjnapot-c4a6i.hu www.xn--grtzi-lva.ch www.xn--7jw659e.cn www.xn--80aeeggp0cjjcj.ru Would you trust the punycode encoded form?

IDN and Internet trust What is the problem with IDN in SSL server certificates? Basic trust model still the same, but what domain name should be embedded in the digital certificate? The native language one? This is what the user expects. However, the embedded domain name doesn t match the domain name of the download path browser issues warning. User will not trust and typically aborts the transaction. The punycode encoded one? This is not what the user expects. However, the embedded domain name does match the domain name of the download path browser shows closed padlock User will still not trust and typically aborts the transaction. Biggest limiting factor in ecommerce is users trust!

IDN and Internet trust Would you trust this site?

Securing IDN Why should IDNs be secured? 92% of the world speaks a primary language other than English (*) 48% of Internet users are non-native English speakers (*) By 2003, non-english speakers represented two-thirds of all Internet users (*) By 2007, Chinese will be the #1 web language (*) Additional vulnerability in a foreign language environment. Phisers are likely to attack using similarly looking/sounding names. Although IDN is considered as an early adopter market, there are already roughly 1 million delegations world-wide. Studies show that approximately 2-3% of domain names have been secured with SSL certificates. 2% of 1 million is a significant number! Important drive is to securing Intellectual Property and trade-mark company and product names in their original form. The number of IDN delegations has been growing exponentially. (*) source: http://www.walid.com

Securing IDN Synopsis User instinctively trusts the native language IDN and distrusts machine readable, encoded forms. Network transactions are done in encoded form. X509 specification supports UTF-8 to display native language characters. X509 specification supports multiple domain names in a single certificate. Design guidelines Establish users trust by Maximize the presence of the native language form in displays to the user; Minimize the presence of the punycode encoded form in displays to the user. Provide sufficient amount of punycode data to allow network transactions to continue working Secure IDN must work in current browser environment without additional software or updates.

Secure IDN Would you trust this site?

Securing IDN You can trust this site!

Secure IDN http://www.thawte.com/idn Fully internationalized SSL certificate enrollments. Fully internationalized code signing certificate enrollments. Fully internationalized SSL certificates supporting IDNs.

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information