At the front lines of protecting the Internet

VeriSign's CTO on securing the DNS infrastructure and whether new identity certificates add any value

Users have a tendency to ignore or bypass digital certificate errors, undermining the whole system of trust. What can be done to improve the user's security experience in light of that fact? What are browser vendors missing?

VeriSign has been working closely with browser vendors to improve the user experience, but there isn't enough real estate in the browser to do it perfectly. But many vendors, especially Microsoft, are doing innovative things like Extended Validation (EV) certificates. When a user browses to an EV-protected Web site, an EV-enabled browser [such as Microsoft Internet Explorer 7, Mozilla Firefox 2, and Opera 9.5] will turn the address bar green, identifying the site as trusted using the strongest assurance we can offer today. Users can trust EV certificates. It is proven that sites that use EV certificates have much lower abandonment rates than sites without EV. For example, Overstock.com found users were abandoning their shopping cart at the point at which they were supposed to put in their credit card information ... at the moment they really needed to trust the vendor. Overstock.com started using EV certificates and saw a 16,000 times return on investment.

Critics say that Extended Validation is really asking consumers to pay more for the trust assurance that they were originally promised in normal Class 3 Web site certificates. How do you respond?

EV gives the certification authority vendor more time to do the proper validation. With EV, we do a complete background investigation, including a financial check, articles of incorporation, and verifying their identity.

But that's included with the normal Class 3 certs. What's different?

We ensure the subject is who they say they are and that they own the domain.

Again, VeriSign does this with Class 3 certificates, so what's different?

VeriSign has always done a high-quality assurance job, but more time to conduct the background investigation means improved security for everyone. Plus, prior to EV, each CA [certification authority] could determine what processes were performed to provide assurance. A user could not be assured about whether a CA vendor did the same high-quality checks without reading the assurance statements. EV defines what assurance processes must be accomplished prior to the issuance of an EV certificate. An EV certificate means consistent, standard assurances across CA vendors.

How will Web services, SaaS (software as a service), and cloud computing affect VeriSign and DNS over the next 10 years?

Any new Web functions, like Web 2.0, will impact us. Today, it's normal for a single Web site page to generate 20 DNS queries. [Our challenge is] not only scaling, but making sure that services are always reliable, especially with services such as TV and telephony coming over the Internet. With some new services, we have created a game-changer. Our VeriSign Identity Protection Services generate a single token or one-time password on any device the customer or vendor desires (such as a cell phone or credit card). It can be used across multiple sites and vendors. You can use that one token to do a lot more in your life than you previously could using older technologies.

In the future, you might be able to say something similar to the LifeLock CEO on TV [who promotes his identity protection service by reading out his Social Security number] and say, "My real password is ..." and not minimize your security. The authentication, identity, and protection will be in the cloud. Ask yourself: Would we use bank cards as much as we do today if they only worked at your bank? No, banks created the ATM network to allow users to shop and spend nationwide and globally. We've essentially done the same thing in the online world. We allow one token or password to be used in multiple places. It's like an ATM network for the online world. Visit our new Personal Identity Portal to see the beta. It's very cool.

A few years ago, VeriSign dropped Network Solutions to pick up the RFID contract resolution work. It was predicted that the RFID resolution traffic would be orders of magnitude bigger than DNS. How has that project scaled over the last few years? Is it bigger than DNS yet?

No, RFID is still fairly new and hasn't surpassed DNS traffic levels yet. We've seen a recent uptick in the garment industry. They use it to track inventories and to help keep inventories low. We expect the RFID work to grow, but we want to focus on our core services of DNS, SSL certificates, and identity and authentication services.


Roger A. Grimes

InfoWorld