Secure Sockets Layer (SSL) is a protocol for enabling data encryption on the intranet and for helping web site users confirm the owner of the website. SSL is most commonly used to protect communications between web browsers and servers. However, it is increasingly used for server to server communications and for web-based applications.
What is encryption and why are there different levels?
Encryption is a mathematical process of coding and decoding information. The number of bits (40-bit, 56-bit, 128-bit, 256-bit) tells you the size of the key. Like a longer password, a larger key has more possible combinations. When an encrypted session is established, the encryption level is determined by the capability of the web browser, SSL certificate, web server, and client computer operating system.
Extended Validation (EV) SSL Certificates: where the Certification Authority (CA) checks the right of the applicant to use a specific domain name PLUS it conducts a thorough vetting of the organization. The issuance process of EV Certificates is strictly defined in the EV Guidelines, as formally ratified by the CA/Browser forum in 2007, that specify all the steps required for a CA before issuing a certificate, and includes:
- Verifying the legal, physical and operational existence of the entity
- Verifying that the identity of the entity matches official records
- Verifying that the entity has exclusive right to use the domain specified in the EV Certificate
- Verifying that the entity has properly authorized the issuance of the EV Certificate
EV Certificates are available for all types of businesses, including government entities and both incorporated and unincorporated businesses. The second set of guidelines, the EV Audit Guidelines, specify the criteria under which a CA needs to be successfully audited before issuing EV Certificates. The audits are repeated yearly to ensure the integrity of the issuance process.
Organization Validation (OV) SSL Certificates: where the CA checks the right of the applicant to use a specific domain name PLUS it conducts some vetting of the organization. Additional vetted company information is displayed to customers when clicking on the Secure Site Seal, giving enhanced visibility in who is behind the site and associated enhanced trust.
Domain Validation (DV) SSL Certificates: where the CA checks the right of the applicant to use a specific domain name. No company identity information is vetted and no information is displayed other than encryption information within the Secure Site Seal.