SitePoint Sponsor

User Tag List

Results 1 to 24 of 24

Thread: Anonymous SSL

  1. #1
    SitePoint Addict
    Join Date
    Jun 2005
    Posts
    196
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Anonymous SSL

    I need an Anonymous SSL similar to the one offered here. Any suggestions?

  2. #2
    Certified Ethical Hacker silver trophybronze trophy dklynn's Avatar
    Join Date
    Feb 2002
    Location
    Auckland
    Posts
    14,692
    Mentioned
    20 Post(s)
    Tagged
    3 Thread(s)
    cc,

    I smell a rat! {snip} is advertising something that is not possible as secure server certificates are given to a specific person/organization who is checked out BEFORE the certificate is issued.

    An anonymous SSL would have to be requested by {snip} for themselves (and charging you at least double their cost) which will NOT lead to any confidence by visitors.

    Finally, I provide my clients with the use of MY secure server certificate but via my domain name (they are in Addon Domains attached to my domain name, i.e., in subdirectories, so they remain within their website but my domain name is displayed for purposes of the secure server). NOT quite what you're looking for, either, but that's effectively what {snip} is offering.

    IMHO, do it properly or you WILL scare people away (for attempting this nefarious scheme).

    Regards,

    DK
    Last edited by dklynn; Nov 15, 2008 at 15:16. Reason: Hmmm, I was advertising for them!
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator

  3. #3
    SitePoint Addict
    Join Date
    Jun 2005
    Posts
    196
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    interesting. what do others have to say?

  4. #4
    Programming Since 1978 silver trophybronze trophy felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, NSW, Australia
    Posts
    16,875
    Mentioned
    25 Post(s)
    Tagged
    1 Thread(s)
    There are TWO aspects to SSL.

    One is the encryption provided between the client and the server. The second is being able to confirm that the web page you are entering that data on actually belongs to who it is supposed to belong to.

    Imagine the situation with someone obtaining hosting using SSL where the owner of the certificate can't be identified. They then set up a duplicate of a bank's login screen using that site which redirects to the real bank site after the person logs in. The redirect also records their login details. They then us phishing or better yet pharming techniques to get users of that bank to visit their page instead of the real bank site. Those people log into the bank using the login form provided since the padlock symbol shows the site to be secure and the owner of the site now has a list of userids and passwords for the bank that they can use to make withdrawals from all those people's accounts. The main thing that prevents this kind of thing from happening to people who actually use the security of the sites that they visit correctly is that the real bank web site will have a security certificate that identifies itself as belonging to the bank while the fake site cannot possibly have a certificate that identifies the bank as the owner - it would need to either identify who the thief is or be an "anonymous" one.

    Knowing who owns the certificate is at least as important as knowing that the info you enter is encrypted so that only the owner of the certificate can read it. In the case where a third party certificate is used (such as David mentioned) then the site itself can make it clear whose third party certificate that they are using. That still leaves some potential security holes since a fake site could claim to use a third party certificate issued by someone else (which is why any security involving bank account details, credit card numbers etc should always use a certificate issued to the site owner themselves). Where a third party certificate is used then the provider of that certificate needs to be someone that the person filling out the form knows that they can trust since they will have access to the decrypted copy of the info.
    Stephen J Chapman

    javascriptexample.net, Book Reviews, follow me on Twitter
    HTML Help, CSS Help, JavaScript Help, PHP/mySQL Help, blog
    <input name="html5" type="text" required pattern="^$">

  5. #5
    SitePoint Zealot
    Join Date
    Sep 2008
    Posts
    199
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I guess they mean cert like that
    https://www2.2checkout.com/2co/login

    You can get such cert from godaddy for $20

  6. #6
    Certified Ethical Hacker silver trophybronze trophy dklynn's Avatar
    Join Date
    Feb 2002
    Location
    Auckland
    Posts
    14,692
    Mentioned
    20 Post(s)
    Tagged
    3 Thread(s)
    Quote Originally Posted by max7 View Post
    I guess they mean cert like that
    https://www2.2checkout.com/2co/login

    You can get such cert from godaddy for $20
    A login page for 2checkout.com? What good does that do - unless you're using their services?

    WHY would anyone (pay for and) use a secure server certificate that wasn't on their site and would scare visitors away (from giving sensitive personal details)?

    Oh, well, go for it!

    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator

  7. #7
    SitePoint Addict
    Join Date
    Oct 2008
    Posts
    224
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Secure sites have to be secure by way of the certificates, I do not think customers would consider such certs valid ever. Even self signed certs are not recommended when the site is dealing with private bank/card details.
    ------------
    hzSari | HostingZoom.com
    ModVPS.com | ResellerZoom.com
    Power Speed Reliability

  8. #8
    SitePoint Member EASY-TRAFIC.COM's Avatar
    Join Date
    Nov 2008
    Posts
    3
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Anonymous SSL ?
    EASY-TRAFIC.COM
    Free Listing and Free Promote your site!

  9. #9
    Programming Since 1978 silver trophybronze trophy felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, NSW, Australia
    Posts
    16,875
    Mentioned
    25 Post(s)
    Tagged
    1 Thread(s)
    Quote Originally Posted by EASY-TRAFIC.COM View Post
    Anonymous SSL ?
    That's what the site that cesarcesar linked to claims to offer. I guess they'll make a few sales to people who don't know how SSL works. When that money source dries up they can always move on to selling the Sydney Harbour Bridge and other similar bridges from around the world, or perhaps a few million coins worth of fake pirate gold.
    Stephen J Chapman

    javascriptexample.net, Book Reviews, follow me on Twitter
    HTML Help, CSS Help, JavaScript Help, PHP/mySQL Help, blog
    <input name="html5" type="text" required pattern="^$">

  10. #10
    SitePoint Zealot
    Join Date
    Sep 2008
    Posts
    199
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by dklynn View Post
    A login page for 2checkout.com? What good does that do - unless you're using their services?

    WHY would anyone (pay for and) use a secure server certificate that wasn't on their site and would scare visitors away (from giving sensitive personal details)?

    Oh, well, go for it!

    Regards,

    DK
    No. Look on 2CheckOut certificate.
    It is anonymous. It does not contain company name or address.
    Domain access validated and nothing else.

    May be it is Anonymous SSL as owner information is not included in cert details.

  11. #11
    Programming Since 1978 silver trophybronze trophy felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, NSW, Australia
    Posts
    16,875
    Mentioned
    25 Post(s)
    Tagged
    1 Thread(s)
    Quote Originally Posted by max7 View Post
    No. Look on 2CheckOut certificate.
    It is anonymous. It does not contain company name or address.
    Domain access validated and nothing else.

    May be it is Anonymous SSL as owner information is not included in cert details.
    If the SSL certificate identifies the domain then it is not anonymous. If it doesn't identify the domain then it is worse than useless.

    Plus 2CheckOut has nothing to do with the site that the OP asked about and so is off topic.
    Stephen J Chapman

    javascriptexample.net, Book Reviews, follow me on Twitter
    HTML Help, CSS Help, JavaScript Help, PHP/mySQL Help, blog
    <input name="html5" type="text" required pattern="^$">

  12. #12
    SitePoint Zealot
    Join Date
    Sep 2008
    Posts
    199
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    There are 2 types of SSL certs.

    Owner validation when you send company documents and certificate tells us company name and address.
    e.g. https://ssl-certificate-center.veris.../console_login
    You will see in details Verisign, Inc (US)

    Or domain access validation when we do not see company name that controls that domain.
    e.g. https://www2.2checkout.com/2co/login
    You won't see company name in that cert as company is not validated when that cert was issued.

  13. #13
    SitePoint Wizard silver trophy Karl's Avatar
    Join Date
    Jul 1999
    Location
    Derbyshire, UK
    Posts
    4,411
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I can't personally see why you'd want to be anonymous when it comes to SSL, most people are moving in the other direction, back to fully validated certificates such as EV SSL and towards proven identity trust marks - As they increase conversions, our customers using them are seeing 15-25&#37; more conversions because of the extra reassurance it gives to visitors, that they are a genuine company and that an independent 3rd party has checked them out.
    Karl Austin :: Profile :: KDA Web Services Ltd.
    Business Web Hosting :: Managed Dedicated Hosting
    Call 0800 542 9764 today and ask how we can help your business grow.

  14. #14
    SitePoint Zealot
    Join Date
    Sep 2008
    Posts
    199
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Google and Saxo are using anonymous ssl
    https://www.google.com/accounts/ManageAccount
    https://www2.saxowebtrader.com/Login.aspx

    I think certs with company name is money waste and dark past.
    Future is cheap domain access validation certs.
    There is no difference for 99% web users if domains is anonymous or not.

    Have you stopped browsing any site when you noticed such "anonymous" certs like on Google, Saxo and 2CheckOut?

    I bet nobody stops.

  15. #15
    SitePoint Wizard silver trophy Karl's Avatar
    Join Date
    Jul 1999
    Location
    Derbyshire, UK
    Posts
    4,411
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Errr... I think you'll find that neither of those examples are domain only validated certificates. It does make a difference, as I said, we've got customers that prove the point every day, if they remove their trust marks etc. then they see a drop in the number of carts converted to orders.
    Karl Austin :: Profile :: KDA Web Services Ltd.
    Business Web Hosting :: Managed Dedicated Hosting
    Call 0800 542 9764 today and ask how we can help your business grow.

  16. #16
    SitePoint Zealot
    Join Date
    Sep 2008
    Posts
    199
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Karl View Post
    Errr... I think you'll find that neither of those examples are domain only validated certificates. It does make a difference, as I said, we've got customers that prove the point every day, if they remove their trust marks etc. then they see a drop in the number of carts converted to orders.
    I said that I do not understand what is Anonymous SSL.

    case 1. is just create one with openssl command and do not sign at CA.
    case 2. domain access validation
    .
    This company offer anonymous hosting and anonymous domains.
    It means you pay them with e-Gold (anonymous money) and you get domain and hosting.

    I do not know what they sell.

  17. #17
    SitePoint Wizard silver trophy Karl's Avatar
    Join Date
    Jul 1999
    Location
    Derbyshire, UK
    Posts
    4,411
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I think there's some wires getting crossed here. You gave Google and Saxo as example of anonymous SSL users - but they aren't, they are using Thawte and Verisign certificates with SGC.
    Karl Austin :: Profile :: KDA Web Services Ltd.
    Business Web Hosting :: Managed Dedicated Hosting
    Call 0800 542 9764 today and ask how we can help your business grow.

  18. #18
    SitePoint Zealot
    Join Date
    Sep 2008
    Posts
    199
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    These certs do not include company name.
    I guess "domain access validation" could be Anonymous SSL cert.

    You do not send any documents to CA to get such cert.
    CA sends email with link to email listed in domain's whois record.
    If you click link then you get such cert. (of course you have to pay 20 - 70 per year)

    This cert would not contain company name but would be signed by CA.

  19. #19
    SitePoint Zealot quantum physics's Avatar
    Join Date
    Nov 2008
    Location
    Bombay
    Posts
    152
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Security thats Anonymous,???

  20. #20
    Programming Since 1978 silver trophybronze trophy felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, NSW, Australia
    Posts
    16,875
    Mentioned
    25 Post(s)
    Tagged
    1 Thread(s)
    Quote Originally Posted by quantum physics View Post
    Security thats Anonymous,???
    WSell obviously anonymous SSL can't be used for security. Since the primary purpose of SSL is security there must presumably be some other use for it that the anonymous SSL is able to be used for. What that might be I have no idea as I can't think of any use for it other than to try to con someone out of money by pretending to be secure.
    Stephen J Chapman

    javascriptexample.net, Book Reviews, follow me on Twitter
    HTML Help, CSS Help, JavaScript Help, PHP/mySQL Help, blog
    <input name="html5" type="text" required pattern="^$">

  21. #21
    SitePoint Member
    Join Date
    Oct 2008
    Posts
    4
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hi Guys,

    There are couple of domain Validated certificates they are cheaper and you can get one them quickly. I think there is nothing called anonymous SSL Certificate. I googled it and it took me to known products which are originally Domain Validated Certificates.

    I am vising you all Happy and Secure Browsing with SSL Certificates.

  22. #22
    SitePoint Wizard ~ServerPoint~'s Avatar
    Join Date
    Nov 2007
    Posts
    1,813
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Michale there are lots of places to get good SSL. The problem is: people interested in trusted vendors
    ServerPoint.com - a true hosting company since 1998
    Web Hosting, colocation,
    dedicated servers, Virtual Private Server (VPS) hosting

  23. #23
    SitePoint Member
    Join Date
    Mar 2009
    Posts
    1
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I used {snip} They offer comodo and thawte anonymous ssl. Check it out.
    Last edited by dklynn; Mar 28, 2009 at 02:55. Reason: See below.

  24. #24
    SitePoint Wizard silver trophy Karl's Avatar
    Join Date
    Jul 1999
    Location
    Derbyshire, UK
    Posts
    4,411
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by andybush View Post
    I used yohost.org They offer comodo and thawte anonymous ssl. Check it out.
    There's no such thing as anonymous SSL, domain validated only, yes. But not anonymous. Indicentally, what SSL certs have you had from them, what domains do you host with them? The reason I ask, is that you've dug up a very old thread and this seems very much like self promotion - If you'd prefer not to say publicly, please PM me, else I'm afraid I will have to edit your post, as it really does seem like self promotion.

    Thanks,
    Karl Austin :: Profile :: KDA Web Services Ltd.
    Business Web Hosting :: Managed Dedicated Hosting
    Call 0800 542 9764 today and ask how we can help your business grow.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •