AV-School.com
Https Certificates (by Alexander Adamov D&T Lab)
29 Jun 10 at 18:04
Today I'd like to talk about certificates.

When you visit certain sites, the browser may warn you that the certificate is unreliable. For example, Firefox shows a message like this:



Or for Chrome:



What does this mean?

To understand this better, let us first say a little about the https protocol. Strictly speaking, it is not a separate protocol but ordinary http with encryption added. The encryption is usually SSL or the newer TLS (details can be found on Wikipedia). Encrypting the transferred data requires a key, and that key is contained in a digital certificate.

Encryption is usually needed when you log in somewhere, so that an attacker who could theoretically intercept your traffic cannot obtain the password for the website you are logging in to.

However, this approach has one more very important feature: protection against phishing. This use can be just as important, because the certificate in effect confirms that we are dealing with exactly the site we wanted and not some other one.

It works just like an identity document in real life. And like real-life identity documents, certificates are issued by competent organizations. If, instead of an ID card, you were shown a pass to the library of the village of Pines in the Bryansk region, you could reasonably doubt the document's authenticity, if only because you have never seen what a real pass to that library looks like.

Just as a passport is issued by a special state service, a certificate can be issued only by a Certificate Authority (CA). The task here is harder, since there are quite a lot of such organizations in the world. Typically, the browser contains a list of organizations whose certificates do not trigger the message shown above. For example, log in to livejournal over https and there will be no warnings. If we look at the properties of the certificate, we see information about the CA that vouches that this site really is livejournal:



You can also open the details of the certificate:



There you can see in more detail by whom, when and to whom the certificate was issued, as well as when its validity expires.

Browser makers have relieved users of the responsibility of working out whether the organization that issued a certificate can be trusted; this happens automatically. In the general case, if your browser does not raise the alarm, the certificate can be trusted.

But there can be exceptions. For example, a small organization may want to provide a secure connection but be unable to use a CA's services to create its certificate:



Here, for example, the domain issued the certificate to itself. In this case the encrypted connection still reliably protects the data channel. The only thing that changes is that the user has to be attentive himself rather than rely on the browser.

There is nothing wrong with that, unless of course the site is a phishing site. This is where our attention is required. It turns out that if you go to an unfamiliar site, for example to get a mailbox, and see that the connection uses https but the certificate is not trusted, there is nothing wrong with adding the certificate manually. If the site had been created by an intruder, he would most likely not bother with secure connections and would use ordinary http, so as not to attract too much of the user's attention. But if you have been using the mail service for some time and suddenly see a message that the certificate is unreliable, you should at least take a closer look at what is typed in the address bar and check the hosts file.
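
The checks described above (who issued the certificate to whom, its validity period, and whether a site you already accepted suddenly presents a different certificate) can be sketched in Python. This is an added example, not code from the original post; `review_certificate`, the `pins` store and the sample host and certificate are assumptions constructed for illustration, with the certificate fields in the shape Python's `ssl.SSLSocket.getpeercert()` returns.

```python
import hashlib
import ssl

def flatten(name):
    """Turn getpeercert()'s nested name tuples into a plain dict."""
    return {key: value for rdn in name for key, value in rdn}

def review_certificate(cert, der, host, pins, now):
    """Return findings for one server certificate.

    cert: dict shaped like ssl.SSLSocket.getpeercert() output
    der:  raw certificate bytes (getpeercert(binary_form=True))
    pins: host -> SHA-256 fingerprint accepted on an earlier visit
    now:  current time, seconds since the epoch
    """
    findings = []
    # Name comparison only; the signature itself is not verified here.
    if flatten(cert["subject"]) == flatten(cert["issuer"]):
        findings.append("self-signed: issuer and subject are the same")
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        findings.append("not yet valid")
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        findings.append("expired")
    fingerprint = hashlib.sha256(der).hexdigest()
    known = pins.setdefault(host, fingerprint)  # first visit: remember it
    if known != fingerprint:
        findings.append("certificate differs from the one accepted earlier")
    return findings

# Constructed sample data, not taken from any real site.
HOST = "mail.example.test"
NAME = ((("organizationName", "Small Org"),), (("commonName", HOST),))
CERT = {"subject": NAME, "issuer": NAME,
        "notBefore": "Jan  1 00:00:00 2010 GMT",
        "notAfter": "Jan  1 00:00:00 2011 GMT"}
NOW = ssl.cert_time_to_seconds("Jun 29 18:04:00 2010 GMT")

def demo():
    pins = {}
    first = review_certificate(CERT, b"constructed DER A", HOST, pins, NOW)
    again = review_certificate(CERT, b"constructed DER A", HOST, pins, NOW)
    swapped = review_certificate(CERT, b"constructed DER B", HOST, pins, NOW)
    return first, again, swapped

if __name__ == "__main__":
    for label, result in zip(("first visit", "same cert", "new cert"), demo()):
        print(label, "->", result)
```

Note that `getpeercert()` only fills in the dict for a certificate the TLS context has validated, so for a self-signed certificate the fields have to come from a context that was explicitly told to trust that certificate.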

In general, signing your own certificate is considered bad taste in matters of security. Yet even a leading Certification Authority such as VeriSign signs its certificate itself:



The same is true, however, of the slightly less well-known and already mentioned Thawte:



So if you suddenly see a message stating that your browser does not trust a security certificate, do not assume that the site is untrustworthy or contains malware. But you should, of course, pay attention to it.

Dmytro Krasylnikov
"Design and Test Lab", Ltd. 2010
/specially for www.av-school.com/
