[gnso-rds-pdp-wg] Use case for WHOIS/RDP

Rob Golding rob.golding at astutium.com
Tue Aug 16 15:47:59 UTC 2016


> What would be the difference between these SSL certificates and ...

From an underlying technology standpoint - practically nothing.

It's primarily an issue of helping guide end-user perception - to make them feel "safer" with some types of certs over other types (and in some cases certain CAs over others) 

There is _supposed_ to be a difference in the projected use-cases for each type, and certain CAs "warrant" their different cert types for different things, but certificate-purchasers appear to largely pick them based on price rather than "feature" - whether that's poor education of the market, or mis-selling by mass-marketers, or lack of understanding about SSL in general is a question we don't need to go into.

But there are "different uses" for "different certificate types" (in theory).

With exceptions like institutions who "want" the "green bar" of an EV Certificate, in my experience certificate purchasers either want the cheapest single-domain one available or the cheapest wildcard one available, with little regard for the checks the CAs do to "authenticate" the requestor (often seeing anything that holds up the issuing process as an attempt to undermine their somehow always fantastically urgent needs)

Only in predominantly "techy" industries do people even look at certificates to see the type, issuer etc as far as I have ever seen

Many people fall for phishing scams which historically have done things like have an image of a "padlock" and end-users have thought that somehow it was legit and secure - just like they hand over money/documents/goods to people dressed as law-enforcement at ports - a uniform or a badge or clipboard or even just an icon is a very powerful thing - it alters perceptions, it confers authority and so on.

The authors of browsers do a lot to "help" people - whether protecting them from their own stupidity is a good idea or not is a debate for another day - stopping you instantly accessing a site with an expired certificate and/or where malware has been reported and/or that someone has put on a "naughty list" might be considered good

Rob



