Please help verify my understanding of Domain Validation (DV) SSL Certificate
A Certification Authority, before issuing a certificate to an entity E, with E's name and E's public key in the certificate, is supposed to verify that the public key in question really belongs to E. For SSL server certificate:
- E's name is a host name, like
www.google.com, possibly with a "wildcard" (*.google.com). This is what SSL clients verify; this is all about names, not IP addresses. - The public key is received by the CA as a certificate request.
So the notion of "identity" in force here is really a question of domain ownership. The CA wants to make sure that it received the request from someone who controls the domain. There are several methods for that; the two most used are the following:
- The CA sends a challenge by email to the email address specified for the domain in the WHOIS database.
- The CA challenges the requester with some information to be included in the domain, e.g. a random host name to be included in the DNS.
These checks are not extremely robust (they rely on the "impossibility" to hack into, respectively, emails or the DNS, neither being well protected) so there is a recent fashion for stronger verifications, called Extended Validation Certificates. For an EV certificate, the CA is supposed to do a lot more paperwork to make sure that it talks to the right entity. Retrospectively, non-EV certificates are dubbed "DV" (as "domain validated").
The net effect of an EV certificate is that Web browsers recognize them as such, and may show that fact to the human user with a more lavish display, with a lot of green. But non-EV certificates technically work just as well. An EV certificate is worth the effort only if your users are trained to recognize EV certificates and feel more comfortable with an EV certificate than they would with a "normal" certificate (which is still shown with the famous "padlock" icon). Right now, I'd say that most Internet users are far from being aware of the distinction, so buying an EV certificate is kind of useless.
(EV certificates will become useful when they become mandatory, i.e. when Web browsers begin to reject or warn about SSL server certificates which seem valid but are not tagged "EV". This is a rather tough transition and I don't see it happening in the near future.)
For a bad guy to obtain a seemingly valid certificate with your server name in it (the prerequisite for mounting a really successful impersonation attack), he must do one of the following:
Fool the CA. Fooling the CA is harder for EV certificates (that's the point). However, even if you get an EV certificate, it would not prevent the attacker from obtaining a non-EV certificate in your name from a gullible CA. An EV certificate will protect you against sloppy CA only as long as your clients are trained to pause and become suspicious if they see a seemingly valid but non-EV certificate bearing your site name. This hardly seems realistic right now.
Steal your private key. If an attacker steals your private key, then he can use it with your certificate (which is public) to install his fake server. EV or non-EV is irrelevant here; what matters is that you should protect your private key well. If your server is broken into, inform the CA so that it may revoke your certificate, and issue you another one (with a new key).
Fool the human user into disregarding the very red and scary warnings from the browser when an invalid certificate is shown. You cannot really defend against that, except through educating your users. The warnings shown by Web browsers tend to increase in scariness (and redness, too) over time.
Fool the human user into connecting to an attacker-owned domain with a perfectly valid certificate, and a name which looks like the intended server name. E.g.
www.gogle.comorwww.google.business.cominstead ofwww.google.com(fictitious examples). There again, only user education can really work against that.
Most phishing attacks are based on one of the last two methods, so this means that you should not be overly worried over the DV/EV dichotomy. The really important point for security is user education.
Domain-validated SSL certificates (DV) are technically the same as extended-validation certificates (EV).
The reason, EV-certificates are more expensive is, that apart from the domain name, the seller also has to check further informations about your identity. To verify that you really are the owner of google.com he needs to contact you and has to do other administrative work.
For most smaller websites the domain-validated certificate is fine, the user will have no disadvantages and the EV-certificates are really too expensive in my opinion (the effort doesn't justify the price).
The current answer has some inaccuracies:
- EV SSL matches identity to the public key in the certificate
- DV SSL does not
All domain validated SSL does is prove you have a domain name. A DV SSL cert makes no connection between a legal entity and the certificate.
In the current answer:
no hacker should be able to register a DV SSL for my domain and / or setup a fake phishing website under my domain name without the browser warning the user for possible attack
This isn't correct:
Someone could register yourdomainlogin.com, or yourdomain.com.tld. Here are domain validated certs being issued for https://google.com.mg and https://google.com.im.
Anyone else could register
*.otherdomain.com. Then later add the host yourdomaincom.otherdomain.com. This is how phishing scams work. Wildcards like this are allowed for DV SSL, and forbidden for EV.Yes, really. You can get a domain validated certificate for a domain like somecompanysupport.com, even though you have nothing to do with Some Company, and it's considered fine.
From the current marked answer:
"the entity's name is a host name, this is what SSL certificates verify"
Is only correct for domain validated certificates. The subject - what an SSL certificate is verifying owns the public key in the certificate may either be:
a domain name (or wildcard domain) for domain validated certificates. Again, domain validated SSL does not assert that this matches any particular legal entity.
the ID of a business or incorporated organization that was verified with a EV certificate
From https://certsimple.com/blog/are-ev-ssl-certificates-worth-it:
Looking at domain validated certificate:
openssl x509 -in domain-validated-example.com.crt -noout -text | grep Subject
OU=Domain Control Validated
CN=billing.example.com
DNS:billing.example.com
Here is an EV cert, containing a government-registered company ID rather than a domain name:
openssl x509 -in extended-validated-example.com.crt -noout -text | grep Subject:
jurisdictionOfIncorporationCountryName=GB
businessCategory=Private Organization
serialNumber=09378892
C=GB
ST=City of London
L=London
O=example Limited
CN=billing.example.com
DNS:billing.example.com -
Companies in the UK are registered with a UK-wide organization called Companies House. The serialNumber 09378892 in the certificate above is a company registration number from Companies House.
In the USA, organisations are registered on a per-state basis, so serialNumbers in US certificates refer to a company ID at the relevant Secretary of State.