StartCom Certification Authority

From Wikipedia, the free encyclopedia

The StartCom Certification Authority was founded in 2005 and is based in Eilat, Israel, operated by StartCom, the same company which produces the StartCom Linux operating system. Products of the StartCom CA are marketed under the trade name StartSSL™. The StartCom CA provides various PKI solutions, including (free) digital certification and security tokens, to the public. All certificates issued by StartCom are insured and comply with the StartCom CA policy. The certificates issued by StartCom support:

  • Web server certificates
  • Client and mail certificates
  • Microsoft® Windows® Logon
  • 128/256-bit encryption

History

Traditionally, digital certificates were sold by major providers (Certification Authorities) for hundreds of US dollars, and low-cost alternatives were rare. The business of digital certification has been viewed as highly lucrative. This seems to have been confirmed when VeriSign, the leading provider in this business, twice acquired its primary competitors in the SSL certificate market: once in 1999, when it bought Thawte for US$ 575 million (Source), and again in 2006, when it acquired GeoTrust for US$ 125 million (Source). On both occasions VeriSign regained market dominance.

StartCom claims on its web site that, by applying a completely different and new business model compared to traditional certification authorities, it is able to prove that digital certificates can cost much less or may even be free of charge. Prices for SSL certificates have dropped since StartCom started to provide free digital certification in 2005. This may be due to StartCom's offerings, to increased market competition in general, or to both. The StartCom CA root certificate was initially not present in major client software (browsers, mail clients), which made its certificates less useful for e-commerce. Since the second half of 2006, this has changed with the inclusion of the StartCom CA root in Mozilla applications (see also Application support).

Certification

StartCom offers several certification options.

Free

The Free (Class 1) digital certificates are provided by StartCom without charge. They provide modest assurances and are meant to secure personal web sites, public forums and web mail. Verification is done automatically and instantly by electronic means, mostly without the involvement of StartCom's personnel. This kind of certificate is also known as Domain Validated, and the issuing CA can also be described as a robot certificate authority.

Web-of-Trust

The StartSSL™ Web-of-Trust (WoT) is a community network of notaries and members operated and supported by StartCom, where notaries perform the verification of its subscribers. This is a decentralized certification system for the validation of the subscriber's identity in digital certificates, performed in person by other members with notary status. Any person can participate and be a member of this WoT and, by meeting the guidelines, also act as a notary (see also Notary Bootstrapping). The multiple assurances made by the verifying notaries are intended to add value to the issued certificates.

The Web-of-Trust is currently in its initial phase and marked as beta (December 2006).

Non-free

The Verified (Class 2) digital certificates provide medium assurances of the subscriber identity and are typically used by online store operators. Owners of web sites which perform financial transactions or exchange otherwise critical information should choose the higher verification procedure. This type of certification is provided for a fee and requires multiple forms of photographic identification of the requesting subscriber.

The StartCom CA provides Intermediate CAs to third parties via its SICAP[1]. StartCom recently issued such a third-party CA and supervises the XMPP Intermediate Certification Authority of the Jabber Software Foundation.[2]

Application support

Many software vendors, such as Mozilla (Mozilla Firefox) and KDE (Konqueror), have approved the StartCom Certification Authority, and the root certificate of StartCom is included in many of these popular browsers and mail clients (Source). Users of applications lacking support for the StartCom CA can import the missing root certificate.

Classes

VeriSign introduced the concept of three classes of digital certificates:

  • Class 1 for individuals, intended for personal web sites and email;
  • Class 2 for organizations, for which proof of identity is required; and
  • Class 3 for servers and software signing, for which extended verification and checking of identity and authority is done by the issuing certificate authority (CA).

StartCom adopted this scheme and issues its certificates through various intermediate (chained) certification authorities, each matching a different class and purpose. Certificates can therefore appear to be signed by different CAs, but each is chained to the same certificate root.
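
The chaining described above can be reproduced with the openssl command-line tool. The following is an added example, not taken from the article or from StartCom: it builds a constructed root with two class-specific intermediates (all names, such as "Demo Class 1 Intermediate", are illustrative assumptions), then shows that the two end-entity certificates name different issuers yet both validate against the single trusted root.

```shell
#!/usr/bin/env bash
# Constructed demo PKI; all names are illustrative, not StartCom's real CA names.
set -eu
WORK=$(mktemp -d)
printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$WORK/ca.ext"
printf 'basicConstraints=CA:FALSE\n' > "$WORK/leaf.ext"

new_csr() {   # $1 = file prefix, $2 = subject common name
  openssl req -new -newkey rsa:2048 -nodes -keyout "$WORK/$1.key" \
    -out "$WORK/$1.csr" -subj "/O=Demo CA/CN=$2" 2>/dev/null
}

sign() {      # $1 = subject prefix, $2 = issuer prefix, $3 = extension file
  openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/$2.crt" -CAkey "$WORK/$2.key" \
    -CAcreateserial -days 30 -sha256 -extfile "$WORK/$3" -out "$WORK/$1.crt" 2>/dev/null
}

build_pki() {
  # Self-signed root: the only certificate a client has to trust.
  new_csr root "Demo Root"
  openssl x509 -req -in "$WORK/root.csr" -signkey "$WORK/root.key" -days 30 \
    -sha256 -extfile "$WORK/ca.ext" -out "$WORK/root.crt" 2>/dev/null
  # One intermediate per class, both signed by the root.
  new_csr class1 "Demo Class 1 Intermediate"; sign class1 root ca.ext
  new_csr class2 "Demo Class 2 Intermediate"; sign class2 root ca.ext
  # End-entity certificates, each issued by a different intermediate.
  new_csr leaf1 "personal.example";           sign leaf1 class1 leaf.ext
  new_csr leaf2 "shop.example";               sign leaf2 class2 leaf.ext
}

issuer_of() {        # print the issuer name of certificate $1
  openssl x509 -in "$WORK/$1.crt" -noout -issuer
}

chains_to_root() {   # trust only the root; $2 is supplied as an untrusted intermediate
  openssl verify -CAfile "$WORK/root.crt" -untrusted "$WORK/$2.crt" "$WORK/$1.crt" >/dev/null 2>&1
}

build_pki
issuer_of leaf1; issuer_of leaf2
chains_to_root leaf1 class1 && chains_to_root leaf2 class2 && echo "both leaves chain to the same root"
chains_to_root leaf1 class2 || echo "leaf1 does not verify through the Class 2 intermediate"
```

A server that omits its intermediate from the chain it presents produces the same failure as the last line, even when the client trusts the root.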

References

  1. StartCom SCIAP
  2. Press Release
