A couple of weeks ago someÂ very interesting Windows news flew by under the radars that I think deserves much more credit than it received, considering how much we rely on the web and the impact this has on making it safer.
In the September 2009 update to theÂ Windows Root Certificate Program, Microsoft has added to the list of trusted root certificate authoritiesÂ StartCom Ltd, notably its first member who issues amongst othersÂ free SSL digital certificates.
What this means in practice is thatÂ out-of-the-box in Windows 7and ifÂ installed as an optional patch under Windows Vista and XP, free digital certificates issued by StartCom will be inherently trusted by the operating system and its applications.
Besides simple identification, one other benefit delivered by digital certificates is the ability to transparently encrypt and secure the connection to a server viaÂ HTTPS and this is what makes what Microsoft did so notable.
Up and until now the digital certificates market has been dominated by large corporations who charge quite a pretty penny for the privilege, limiting the use of HTTPS. Unfortunately at the same time due to the nature of digital certificates and the chain of trust, a limited number of root certificate authorities (CA) in operating systems such as Windows has limited the adoption of free digital certificates as offered by some companies like StartCom. Granted Firefox and Safari has supported many of the certificate authorities issuing free certificates for some time, Microsoft has not, until now.
With StartCom as a Windows root CA, web developers now have a practical free alternative for digital certificates if they wish to secure their websites or web services that by default works with Internet Explorer and other Windows applications.
Not only is this great for developers but even more so users who can look forward to more websites that encrypt the data they send to and receive from â€“ reducing the risks of sniffing and man-in-the-middle vulnerabilities, especially when using wireless and public networks.