Video Screencast Help
Website Security Solutions

It won't actually be called High Assurance SSL. Why not, and what should it be called?

Created: 22 Apr 2006 • Updated: 18 Dec 2012 • 1 comment
Tim Callan's picture
0 0 Votes
Login to vote

In a recent post I alluded to a lack of clarity around the name of the new higher-authentication SSL standard. Up to now it's been code-named High Assurance SSL, but that name won't be the final one. I want to give you the background and spell out some criteria for an effective name.

Comments 1 CommentJump to latest comment

David A. Wheeler's picture

One problem is that "high assurance" already has a meaning in security -- it means that there's been proof that there are no software bugs of any kind that affect its functionality. Generally, it requires the use of formal methods (mathematics applied to software). For security, you're talking at least Common Criteria EAL 6. Just do a Google on "high assurance" -- you'll see that this is already a term of art. This "high assurance" SSL guarantees none of those things.

Login to vote