Certificate authority

The quantity of web browsers, other devices, and applications which trust a particular certificate authority is referred to as ubiquity.

In addition to commercial CAs, some non-profits issue publicly-trusted digital certificates without charge, for example Let's Encrypt.

Browsers and other clients of sorts characteristically allow users to add or do away with CA certificates at will.

However, encryption entails the receiver's public key and, since authors and receivers of encrypted messages, apparently, know one another, the usefulness of a trusted third party remains confined to the signature verification of messages sent to public mailing lists.

Worldwide, the certificate authority business is fragmented, with national or regional providers dominating their home market.

However, the market for globally trusted TLS/SSL server certificates is largely held by a small number of multinational companies.

[7] While not legally required, new providers may choose to undergo annual security audits (such as WebTrust[8] for certificate authorities in North America and ETSI in Europe[9]) to be included as a trusted root by a web browser or operating system.

[14] Let's Encrypt is operated by the newly formed Internet Security Research Group, a California nonprofit recognized as federally tax-exempt.

To illustrate the effect of differing methodologies, amongst the million busiest sites Symantec issued 44% of the valid, trusted certificates in use — significantly more than its overall market share.

[17] As of July 2024[update] the survey company W3Techs, which collects statistics on certificate authority usage among the Alexa top 10 million and the Tranco top 1 million websites, lists the six largest authorities by absolute usage share as below.

Extended validation is intended to verify not only control of a domain name, but additional identity information to be included in the certificate.

Some browsers display this additional identity information in a green box in the URL bar.

There is some question whether users would be likely to recognize this absence as indicative of an attack being in progress: a test using Internet Explorer 7 in 2009 showed that the absence of IE7's EV warnings were not noticed by users, however Microsoft's newer browser, Edge Legacy, shows a significantly greater difference between EV and domain validated certificates, with domain validated certificates having a hollow, gray lock.

In particular, it is always vulnerable to attacks that allow an adversary to observe the domain validation probes that CAs send.

These can include attacks against the DNS, TCP, or BGP protocols (which lack the cryptographic protections of TLS/SSL), or the compromise of routers.

[19][20] Some Certificate Authorities may accept confirmation using root@, [citation needed] info@, or support@ in the domain.

In one instance, security researchers showed that attackers could obtain certificates for webmail sites because a CA was willing to use an email address like ssladmin@domain.com for domain.com, but not all webmail systems had reserved the "ssladmin" username to prevent attackers from registering it.

[23] A CA issues digital certificates that contain a public key and the identity of the owner.

A CA's obligation in such schemes is to verify an applicant's credentials, so that users and relying parties can trust the information in the issued certificate.

This is why commercial CAs often use a combination of authentication techniques including leveraging government bureaus, the payment infrastructure, third parties' databases and services, and custom heuristics.

Notaries are required in some cases to personally know the party whose signature is being notarized; this is a higher standard than is reached by many CAs.

According to the American Bar Association outline on Online Transaction Management the primary points of US Federal and State statutes enacted regarding digital signatures has been to "prevent conflicting and overly burdensome local regulation and to establish that electronic writings satisfy the traditional requirements associated with paper documents."

Further the US E-Sign statute and the suggested UETA code[28] help ensure that: Despite the security measures undertaken to correctly verify the identities of people and companies, there is a risk of a single CA issuing a bogus certificate to an imposter.

For example, suppose an attacker, Eve, manages to get a CA to issue to her a certificate that claims to represent Alice.

Bob might even respond with encrypted email, believing that it could only be read by Alice, when Eve is actually able to decrypt it using the private key.

[45][46] In 2008, Comodo reseller Certstar sold a certificate for mozilla.com to Eddy Nigg, who had no authority to represent Mozilla.

[50] In 2012, it became known that Trustwave issued a subordinate root certificate that was used for transparent traffic management (man-in-the-middle) which effectively permitted an enterprise to sniff SSL internal network traffic using the subordinate certificate.

The critical weakness in the way that the current X.509 scheme is implemented is that any CA trusted by a particular party can then issue certificates for any domain they choose.

This issue is the driving impetus behind the development of the DNS-based Authentication of Named Entities (DANE) protocol.

The procedure of obtaining a public key certificate