Choosing amongst the different certificate types
Imagine three brothers. The youngest is nimble, outgoing, and popular. He’s also growing very rapidly and will soon be the tallest in the family. The oldest is steady, thoughtful, and circumspect. He’s a high achiever who holds a job with lots of responsibilities and makes loads of money. But what about the middle sibling? The classic middle child syndrome would have him struggling to find his niche between these two exemplars.
It’s much the same (as far as analogies go) with the three types of SSL/TLS certificates – Domain Validation (DV), Organization Validation (OV) and Extended Validation (EV) – available for use in the internet security ecosystem.
First, just like siblings, all three share the same genes. That is, from a cryptographic point of view, all three certificates provide exactly the same level of confidentiality and integrity protection of the communications channel by using standard security technologies (private/public keys, cipher suites, encryption algorithms, etc.) in exactly the same way using SSL/TLS. The difference, as with siblings, is how they interact with their environment and take advantage of the opportunities presented to create and project their public persona. The choice of a certificate type for a website aims at projecting a particular image of its trustworthiness and dependability. Is the site trustworthy enough to interact with for the purposes the end user has in mind?