Jersey City, NJ, December 15, 2009 - In X.509 encryption, discriminating buyers check to be sure that certificate roots are well-protected.
Certificate owners also check the distribution of the roots: can they be found in as many of the major browsers as possible? Owners aim for widespread distribution across all browsers.
Public Key Infrastructure (PKI) certificates allow computer users to encrypt information, scrambling it so that only someone with access to the certificate owner's key can unscramble it.
The key itself is scrambled, as is the key used to scramble it, and so on back to the document that contains the original key, a long string of alphanumeric characters. The document that contains that string is called the root certificate. The root certificate must be kept secure, because millions of digital certificates use it to encrypt or digitally sign billions of documents.
Browsers check for those root certificates in deciding whether or not to trust a new certificate. If the root certificate is in the browser's list of trusted roots, then the browser will accept the new certificate.
The root may be included in Internet Explorer, but what about Firefox? Seamonkey? Camino? If the browser does not accept and trust the root certificate, then the browser will send the user warning messages.
Most reputable certificate authorities have been in business long enough that their root certificates are embedded in many browsers. Comodo, in business since 2001, has more than 99% browser ubiquity.
With so much at stake, the certificate authorities that own the root certificates must protect them diligently. For example, Comodo has issued over one million digital certificates relying upon its root certificates. Advanced physical and logical security and validation practices and procedures ensure that browsers trust Comodo certificates. Comodo securely generates and protects its own private key(s), using a trustworthy system including various Hardware Signing Modules (HSMs), all certified to at least FIPS 140-2 level 3. Comodo takes necessary physical and logical precautions to prevent the compromise or unauthorized use of its devices.
Comodo secure facilities are only accessible to appropriately-authorized individuals. Card access systems control, monitor and log access to all areas of the facility. Comodo CA physical machinery within the secure facility is protected with locked cabinets and logical access control.
Comodo's secure facilities are protected from fire, smoke, flood and water damage.
Comodo secure facilities have primary and secondary power supplies, ensuring continuous, uninterrupted access to electric power. Heating and air ventilation systems prevent overheating and maintain suitable humidity levels.
Comodo employs a redundant CA system to ensure uninterrupted service. Comodo also utilizes secure secondary server and operations sites. Comodo is constantly improving and updating its safeguards to ensure that they meet the highest industry standards.
Measures such as these protect the root keys underpinning Comodo digital certificates. For best use of their digital certificates, knowledgeable certificate owners check the roots before installing. They also look for roots that are widely distributed, and available in many Internet browsers.
About Comodo
Comodo is a leading brand in Internet security, covering an extensive range of security software and services, including digital certificates, PCI scanning, desktop security, online faxing, and computer technical support services.
Businesses and consumers worldwide recognize Comodo as standing for security and trust. Comodo products secure and authenticate online transactions for over 200,000 businesses and have more than 18,000,000 installations of Comodo desktop security software, including an award-winning firewall and antivirus software offered at no charge.
The Comodo family of companies is committed to continual innovation, core competencies in PKI, authentication, and malware detection and prevention. As a catalyst in eliminating online crime, the companies' mission is to establish a Trusted Internet.
With US headquarters overlooking Manhattan on New Jersey's waterfront, and global resources in United Kingdom, China, India, Ukraine, and Romania, Comodo products offer intelligent security, authentication, and assurance.
Comodo -- Creating Trust Online®. For more information, visit Comodo's website.
Subscribe to SSL Journal Email News Alerts
Subscribe via RSS
Ulitzer content is offered under Creative Commons "Attribution Non-Commercial No Derivatives" License.
For any reuse or distribution, you must make clear to others the license terms of this work.
The best way to do this is with a link to this web page.
Any of the above conditions can be waived if you get written permission from Ulitzer, Inc., the copyright holder.
Nothing in this license impairs or restricts the author's moral rights.