Sunday, April 22, 2018

SSL's seem to be involved in the concept of "branding" v domain names



There seems to be a remote connection between the issuance of SSL certificates and the concept of brand validation, as noted near the end of this explanation of how Positive SSL works on a site by Namecheap / Comodo.  The concept of a CSR, or certificate signing request, is also relevant.
  
Apparently an industry-sponsored entity called the “certificate authority” can question the authenticity of the SSL request if there is a “brand validation” step expected by the CA.  This sounds like the idea of trademark.  But in the domain name world, domain name disputes are resolved by procedures within ICANN, which sometimes might consider trademark issues along lines similar to US law but not necessarily identical.  In general, entities within different businesses can use the same root name but a different tld.  But, given the complexity of some businesses, the importance of brand name licensing in franchised businesses (like Trump’s!), and various growing political and social tensions, it sounds plausible that new issues can be brought to bear on CA’s.
  
SSL’s used to be sold as a way to protect consumers making purchases from a site or logging in to a site and sharing some components of PII which could otherwise by intercepted by hackers.  That has receded in importance since purchases are most often sent to very large third-party e-commerce sites anyway (although that practice has become controversial to some interests in the on-demand book publishing business and even in music distribution and some independent film).  Now the concern is more about the possibility of determined foreign attacks even on ordinary Internet browsing, “man in the middle attacks” (scareware), browser hijack and firewall compromise. SSL’s should emphasize just the mechanics of secure encryption and not become involved with the political problems surrounding branding and trademark, within the US and internationally.

No comments: