Figure 13 – IE7 Certificate Error 2

Notice the red URL and the “Certificate Error” message. Essentially, to go back to our story, Internet Explorer 7 is effectively saying “You may be at a fake ATM machine!”

The big question is “How can digital certificates help me determine that I’m going to the right website?” Well, there are two main components around digital certificates – the digital certificate issuer (Issued by:) and the holder of the digital certificate (Issued to:). A useful analogy is to think of the certificate issuer like a Department of Motor Vehicles (DMV). Each state in the United States has a DMV run by the state’s government. The DMV issues driver’s licenses which grant the privilege to drive in a given state. A person that goes to the DMV to get a driver’s license must pass a series of tests that helps the DMV determine if they are fit to drive on the state’s roads. The state’s Highway Patrol, a group which enforces the rules of the road, recognizes the validity of the DMV to issue driver’s licenses. Therefore, if one violates one of the rules of the road and is pulled over by a Highway Patrol officer, showing a driver’s license issued by the DMV is a requirement. The Highway Patrol will not recognize a driver’s license issued by an institution other than the DMV as being valid. In short, the DMV is a trusted third party that issues “certificates” (driver’s licenses) to individuals. These “certificates”, issued by the DMV, are trusted by the Highway Patrol. Essentially, the Highway Patrol, the DMV, and the licensed driver are the participants in a Driver’s License Infrastructure or DLI. Let’s move back to digital certificates and talk about a Public Key Infrastructure.

11