Resources

 Introduction to Secure Internet Commerce & E-mail  

What is S/MIME?
What is SSL?
What's the difference between a 40-bit and a 128-bit SSL connection?
What can users do to assure themselves of a web site's identity?
What does it mean when a lock appears on my browser?
What kind of web sites should use SSL?
Who should set up a secure web site?
Is SSL always enabled on a web site?
Where can I get a server certificate?
Other Guides

Certification Authorities

Introduction to Cryptography

Public Key Cryptography

 

 

 

 

 

What is S/MIME?

S/MIME (Secure/ Multipurpose Internet Mail Extensions) is a protocol that allows digital signatures to be added to and encryption of Internet electronic mail. S/MIME makes it possible for people to send secure e-mail messages to each other even if they may be using different e-mail applications.

All of today's most common e-mail applications support the S/MIME protocol. Top

 

 

 

 

 

 

 

 

What is SSL?

SSL (Secure Sockets Layer) is a protocol developed by Netscape Communications Corporation to provide security and privacy for transmissions over the Internet by using both data encryption and authentication of the server and, optionally, the client.

You can identify a web page that is secured through SSL in two ways: your browser will display a lock icon, indicating that SSL has been enabled; and the web site's address or URL generally starts with "https://" rather than the usual "http://".

Top

 

 

 

 

 

What is the difference between a 40-bit SSL connection and a 128-bit SSL connection?

40 bit or 128 bit is the size of a symmetric key used for the encrypted communication in SSL between the client and the server.

128-bits is considerably more secure than 40, in fact, 128-bits is over 309 septillion times larger than 40-bits!

It is estimated that it would take even a supercomputer billions of years to crack a message encrypted using 128-bit encryption.

Many financial institutions require 128-bit encryption for online banking because 40-bit encryption is considered to be relatively weak. Top

 

 

 

 

 

 

 

What can users do to assure themselves of a web site's identity?

A Server certificate, when installed on a web server, serves two main purposes—it enables a secure SSL connection between a client and a server, and it ensures the server's identity.

If a Web site has been secured, viewers of the site can verify the server identity by clicking on the lock icon that will appear at the bottom of the browser. In addition, information about a site's digital certificate can be viewed through the Security icon in Netscape or by accessing the View > Internet Options > Content > Authorities section in Internet Explorer 4.x or Tools > Internet Options > Content > Certificates in Internet Explorer 5.0. Top

 

 

 

 

 

What does it mean when a lock appears on my browser?

A lock icon indicates that your browser has connected to a web page that has enabled a Secure Sockets Layer (SSL) connection. Think of this as a secure pipeline that prevents anyone from intercepting any sensitive or confidential data (such as credit card numbers) that is transmitted between you and the web server.

Most web servers, including Microsoft IIS, Apache, Java Web Server, and Netscape Enterprise support SSL connections.

If you run a web site and wish to establish secure SSL connections between yourself and your customers or business partners, installation of a Server certificate will provide you with that functionality. Top

 

 

 

 

 

 

What kind of web sites should use SSL?

Any web site that relies on sensitive or confidential data being sent over the Internet should be using SSL to provide the greatest amount of security possible during transmission. Anytime on-line purchases of goods with credit cards are made or monetary transactions are carried out, the security of SSL is required so that only the client and the merchant or services at the web site have access to the private information. Top

 

 

 

 

 

 

 

Who should set up a secure web site?

Any web site that requires the transmission of sensitive data (credit card numbers, personal information, financial information) between the client and the web site, and vice versa, should have a Server certificate to enable a secure SSL connection.

As well, a Class 3 Server certificate purchased through IDRBT CA assures existing and potential customers of the validity of a web site owner's identity. Top

 

 

 

 

 

 

 

Is SSL always enabled on a web site?

Rather than being enabled on the entire web site, SSL is typically only enabled on those specific web pages that require secure connections. With an SSL connection, the information going back and forth between the client and server is subjected to an encryption process that slows down that particular connection—you can't really detect the reduced speed difference when connecting to a single page, but if all of a web site's pages were encrypted, the reduced performance would be quite noticeable. Top

   

 

 

 

 

 

Where can I get a certificate for my web site that will provide a secure connection for our customers?

IDRBT CA's web site has everything you need to know about getting a certificate (Server certificate) that will allow your web server to establish an SSL connection, or enable you to send S/MIME encrypted e-mail. Top

 

 

Copyright Legal Privacy Policy Feedback Sitemap