Today we will be talking about a new web technology called evSSL. And this is really new: it's only been around since January of this year!
Before we dive into evSSL, let's review what plain ordinary SSL is. SSL stands for Secure Sockets Layer. SSL is a way to encrypt a web browser session between you and a company's website. To use SSL, a company will buy what is called an SSL certificate from a special type of company called a certificate authority, or CA (e.g. Equifax, Verisign, etc.). When you access a website protected by SSL, all of the information you send will be encrypted.
How does SSL help protect you? Suppose you want to buy something from bobshobbyshop.com. If Bob is using SSL, you can be sure that no Internet crooks can eavesdrop and steal your credit card number before it gets to Bob.
How do I know if Bob is using SSL? Web browsers will show you a padlock icon if SSL is being used, and you may see 'https://' in the URL bar of the browser.
So now that you know a little about SSL, you probably think that it makes you secure, right? I see a padlock, doesn't that mean I'm safe? Unfortunately, no. All the padlock tells you is that your data is encrypted. Two bad things may still happen: thieves may have set up a fake storefront and impersonated Bob (i.e. you got phished), or Bob himself may be a crook.
evSSL to the rescue!
evSSL stands for Extended Validation SSL. One problem with ordinary SSL certificates is that almost anyone can get them with virtually no verification. That is how thieves can set up a fake storefront for Bob and use the SSL padlock to fool you. evSSL fixes this problem by establishing a rigorous verification procedure to obtain an evSSL certificate. So only Bob's Hobby Shop, Inc. will be able to get an evSSL certificate for bobshobbyshop.com. And the verification procedures are extra rigorous for high-risk organizations, like banks.
How will I know if Bob has an evSSL certificate? Right now, you can only easily tell if you are using Internet Explorer 7 (other browsers will add evSSL features in the coming months). IE7 will change the website location bar to have a green background. Ordinary SSL certificates will still show with a white background as they always have. If you have IE7, you can see this for yourself by going to the PayPal website at https://www.paypal.com. If you haven't upgraded to IE7, take a look at the Microsoft IE7 evSSL green bar example.
So with evSSL I am safe, right? Green means go, right? Well, sort of. evSSL solves the identity problem, so if you go to bobshobbyshop.com you know that you are talking to Bob. But there are still other problems:
- Bob himself may still be a crook.
- evSSL identity verification procedures will work well in countries with strong commercial practices and oversight, like the US and UK. They can likely be circumvented in countries without strong commercial practices and oversight, like Eastern Europe.
- There are other shortcomings of evSSL, too many to list here. I'll provide some useful links to these in the 'Quick Links' section of the newsletter.
In a nutshell, green doesn't really mean go.
Now that you understand what evSSL does and does not give you, let's talk about what it means for your business. If your customers do business with you over the Internet, you need to get an evSSL certificate. Let me repeat that again: If your customers do business with you over the Internet, you need to get an evSSL certificate.
Right or wrong, people will feel better when they see the green bar, and they will begin to expect it. If you don't give them the green bar, your competitors will. In the words of Gartner analyst Avivah Litan, "are people going to trust the green more than white? Yes, they will. All the business is going to go to the greens, it's kind of obvious."
Does evSSL make you and your customers completely secure? No.
Is it a step forward? Yes.
Will your customers expect it? Yes.
I hope that you have found this information useful, and I would love to hear your comments. Please let me know what you think by replying to this message or contacting me at bpowell@jx2services.com.