Guest of this issue
Cui JiuqiangGeneral Manager of Shanghai CA Center
Cui Jiuqiang, general manager of Shanghai Digital Certificate Certification Center Co., Ltd., member of the CPPCC Shanghai Jing'an District, the first Shanghai Smart City Construction Pioneer, chairman of the Digital Signature Committee of the Belt and Road Information Industry Development Alliance, and China Electronics Certification Industry Alliance Member of the special committee, director of the Electronic Authentication Special Committee of the Chinese Cryptography Society, director of the Collaborative Innovation Laboratory, an elite high-level talent in Shanghai industry, and a top-notch talent in Hongkou District. He has long been committed to electronic authentication, digital identity, blockchain, data security and Research in the fields of digital trust, has won the third prize of Shanghai Science and Technology Progress Award, the first prize of Shanghai Science and Technology Award, the China Standard Innovation Quality Contribution Award, compiled 10 national/industry/local standards, and 20 national invention patents. Participated in More than 30 provincial and ministerial scientific research projects.
host
Zhao Jiuzhou Tencent Cloud-Director of Enterprise Center
Zhao Jiuzhou, Director of Tencent Cloud-Enterprise Center, Director of Observable Platform. Responsible for Tencent Cloud Observable Platform, DNSPod, Tencent Documents, Tencent Questionnaire and other products. He has successively served as the general manager of 58 Daojia platform and the vice president of the 360 Group's Tongchengbang business. , Heli Capital and other VCs invested USD 10 million in venture capital. At the same time, he is also a senior expert in digitalization of physical enterprises, and took the lead in formulating the "China SME Digitalization Standard Certification".
1
Zhao Jiuzhou : In 1998, Shanghai Digital Certificate Certification Center Co., Ltd. (Shanghai CA for short) was established as a pilot project approved by the Central Encryption Work Leading Group and supported by the Shanghai Municipal Government. It is currently a leading third-party electronic certification service organization in China. Our side is very Many webmasters have purchased SSL certificates from you. Up to now, China has become the third largest country in deploying SSL certificates, but looking back at your initial career, SSL certificates are a relatively niche field. Why did you choose the track related to encryption technology and digital certificates? What is the opportunity to join Shanghai CA?
Cui Jiuqiang: Since 1997, the first wave of e-commerce has emerged around the world. At that time, there was a very popular saying on the Internet, called "On the Internet, no one knows you are a dog". Behind this sentence, there is actually a difficult problem: when we reconstruct the business process through the network, we need to solve many problems to ensure the safety and reliability of business activities , such as identity authentication, trust evaluation, transaction security and other aspects of protection.
Cryptography technology is an important tool to solve network security problems . Based on the PKI/CA system, we can use cryptographic technology to establish trustworthy identities between network subjects, such as issuing CA digital certificates to identify website subject identities. and signature technology to ensure data integrity and reliability.
It can be said that digital certificates are an important form of cryptographic technology in practical applications . At the time, the field of digital certificates was fairly new, but its potential and promise for securing the web was enormous. So I am very optimistic about this track, and I have always loved and devoted myself to this industry.
As for the opportunity for me to join Shanghai CA, it was actually influenced by the development of e-commerce at that time. After graduating from Fudan University in Shanghai in 1997, I joined a traditional state-owned enterprise. But the rise of the e-commerce wave gave me the idea of working on information technology development and computer technology . At that time, I felt that informatization would be the wave of the future, and the development of network informatization would change our entire society, economy and way of life.
By chance, I stepped into the recruitment market and noticed a company with a long name called: Shanghai E-Commerce Security Certificate Management Center Co., Ltd., which is the earliest name of Shanghai CA. The words "e-commerce" and "security certificate" made me very happy , and found that this coincided with my previous career plan. After returning home, I checked various relevant Chinese and English materials through dial-up Internet. Through a deeper understanding, I saw the development opportunities of this emerging industry and strengthened my determination to join this industry. This is my encounter with Shanghai CA.
2
Zhao Jiuzhou: Although the deployment of SSL certificates on websites is becoming more and more popular, many people still choose free certificates. After all, the encryption level is also good, and they can be issued in a few minutes at the fastest. Even some large enterprises are using free certificates. Under the overwhelming offensive of free certificates, how else can Shanghai CA promote paid certificates? What is the biggest obstacle for you to promote paid certificates?
Cui Jiuqiang: When it comes to free certificates, the most representative one is Let's Encrypt. At present, the free certificates on the market are basically DV certificates (domain name certificates). Although the free certificate lowers the threshold for applying and deploying an SSL certificate to a certain extent, it also loses an important function of the SSL certificate, that is, authenticity verification of the domain name owner's organizational identity .
From the perspective of identity authentication, the application of DV certificate does not identify the identity of the organization, which may cause some malicious or illegal websites to pretend to be legitimate websites , thus bringing security risks to users. There are also some providers of free SSL certificates that may use the opportunity of certificate issuance for commercial marketing and data collection, and there is a risk of privacy being leaked .
Shanghai CA, as a professional and legitimate third-party electronic certification service organization, strictly follows the requirements of the "Administrative Measures for Electronic Certification Services" to manage and supervise the users of certificates. Compared with free certificates without security guarantees, paid certificates enjoy higher security guarantees , such as stricter identity authentication process and more comprehensive technical support. In order to help users better deal with complex network security issues, we can also provide customized services and solutions according to users' needs .
In the promotion of paid certificates, we work closely with partners, customers and industry organizations, hoping to create a greener and healthier network environment for users. At present, more and more people are beginning to realize the value of paid certificates , and many users of free certificates have begun to switch to paid certificates.
Of course, we also encountered certain obstacles during the promotion process, mainly due to the competition from free certificates and the pressure from market price wars . But our original intention remains the same. On the one hand, we continue to improve the quality of certificates and services. On the other hand, we also pay attention to market research and customer demand analysis, and strive to improve the security, reliability and ease of use of certificates, so as to maintain the market for paid certificates. Competitiveness.
Let's Encrypt issued millions of certificates due to mistakes, and all wrong certificates were revoked within 5 days. Millions of certificates correspond to millions of websites and network services. Once the certificate is revoked, HTTPS will fail to connect, which directly causes the website or service to fail to connect . Therefore, in order to better achieve data security and use assurance, we still recommend users to choose paid certificates.
Let's Encrypt issued an error, announced to revoke millions of certificates
3
Zhao Jiuzhou : When it comes to DV certificates (domain name certificates), they are the first choice for most websites. In 2002, GeoTrust invented the DV SSL certificate that only verifies the domain name, which can be quickly issued in a few minutes, breaking the original practice of applying for an SSL certificate that takes a week or more, and accelerating the popularity of https. However, DV-type certificates can grant standard encryption like other types of certificates without verifying the real identity of the website. After deployment, you can also see a padlock in the browser address bar, which has been used by many phishing websites to lure users. When DV-type certificates are "castrated products" that cannot prove the identity of legitimate websites and gradually lose public trust, do you think this type of certificate is still necessary?
Cui Jiuqiang: DV certificates (domain name certificates) do have certain limitations in ensuring website security, because it only verifies the ownership of the domain name, but does not verify the identity of the organization or individual behind the website . Therefore, if an attacker uses a valid domain name to apply for and deploy a DV certificate, they may use this certificate to set up a phishing website, tricking users into thinking it is a legitimate website.
However, DV certificates are still useful for certain types of websites. For non-commercial websites such as small businesses or personal blogs , they may not have much budget or qualifications to purchase more expensive OV (Organization Validation) or EV (Extended Validation) certificates, because these certificates require more complicated verification procedures, Higher application threshold, and the price will be relatively higher. At this time, the DV certificate can provide the most basic HTTPS encryption protection , so that visitors to these websites can safely browse the website and submit forms.
However, with the increase of network attacks such as phishing websites, the possibility of DV certificates being used is also increasing, which poses a potential threat to Internet security. Therefore, in the long run, CA institutions need to take more stringent measures to ensure the safety of users when using DV certificates, so as to restore the public's trust in it . At the same time, I also appeal to all CA institutions to improve the security and trust of certificates through technical means to avoid malicious use of certificates.
4
Zhao Jiuzhou : As you said, from the perspective of security, OV SSL certificate (Organization Validation Certificate) and EV SSL certificate (Extended Validation Certificate) can better verify the identity of the enterprise and really play a role in preventing phishing websites. However, the market share of these two types of certificates is relatively small. In addition to the high price, many browsers no longer display the unit name in the certificate in the address bar, and the effect of improving the image of the website is greatly reduced. How do you see the current promotion dilemma of OV SSL certificate and EV SSL certificate? What do you think is the game-changing way to promote these certificates?
Cui Jiuqiang : OV SSL certificates and EV SSL certificates are indeed more reliable in verifying corporate identities, and they are also better able to prevent attacks from phishing websites. However, due to the need to cover corresponding business costs such as identity verification,the price is also higher, which is unaffordable for many small websites and individual users, so the market share is relatively small. In addition,some browsers no longer display the unit name in the certificate in the address bar, which reduces the effect of these certificates on improving the image of the website.
In order to solve these problems, the promotion of OV SSL certificates and EV SSL certificates still requires various efforts. We need to increase public awareness of website security and prevention of phishing attacks , so that more people are aware of the importance of these certificates and are willing to pay more for higher-level certificates.
However, the prices of OV SSL certificates and EV SSL certificates are generally high, which is also one of the main obstacles to promotion. Therefore, CA institutions can also consider launching more flexible price strategies and certificate packages to meet the needs of different users.
Another point is to enhance the visibility of the certificate in the browser . For example, the certificate icon, certificate name, etc. are displayed on the page, so that users can find the certificate more easily. For domestic browser manufacturers, they can also consider re-introducing functions such as the display unit name of EV certificates, so as to enhance the value and credibility of these certificates. Website security needs to be "visible".
5
Zhao Jiuzhou : Many companies prefer wildcard certificates when purchasing SSL certificates, because after configuring a primary domain name, unlimited sub-domain names can also be covered, that is, one certificate can be used for domain names related to the entire company. However, wildcard certificates still have huge security risks. "All eggs are in the same basket". Once the private key of this wildcard certificate is leaked, the CA must revoke this certificate, which will cause all websites under the main domain name to fail. Use https encrypted service. As a CA organization, what kind of users would you recommend to purchase wildcard certificates? What kind of users try not to purchase wildcard certificates?
Cui Jiuqiang : As a CA organization,we suggest that only users who really need a wildcard certificate should choose this type of certificate.
For example, if an enterprise owns multiple subdomains and needs to use SSL certificates, and these subdomains are dynamically generated , it will be more cumbersome and more expensive to purchase multiple single domain name SSL certificates. In this case, wildcard certificates can cover all subdomains more conveniently, and can also reduce the workload of certificate management. However, such users still suggest that additional security measures are required to ensure the security of the private key and prevent potential security threats.
However, for users with only a small number of fixed domain names, we do not recommend choosing wildcard certificates . Because the wildcard certificate has the risk that the private key will be leaked, so that all subdomains cannot use https encryption, and this risk is not available for single domain name certificates. In addition, wildcard certificates may also increase other security risks. For example, a subdomain name that is hacked may affect the security of the entire website.
In addition, if your enterprise needs to manage and control different subdomains separately, wildcard certificates may cause you trouble in management . In this case, you can consider purchasing multiple single domain name certificates, each corresponding to a subdomain name, so that you can better manage and control your SSL certificate.
Therefore, when choosing a certificate type, users should weigh and choose according to their actual situation and needs. Of course, as a professional third-party CA organization, we will also provide professional suggestions and opinions when purchasing certificates.
6
Zhao Jiuzhou : 99% of domestic websites are using SSL certificates issued by foreign CAs, so the "discontinuation of SSL certificates" has been at the forefront. In addition, during the conflict between Russia and Ukraine in February last year, the SSL certificates of the Russian government and bank websites were revoked More than 3,000 copies were issued, causing a large number of government websites and bank websites to be paralyzed because they could not be accessed normally, which sounded a heavy security alarm for us. Under the unpredictable international situation, are we ready to deal with the "discontinuation" of SSL certificates?
Cui Jiuqiang : The "discontinuation" of SSL certificates is indeed a problem worthy of attention. At present, most domestic websites are using SSL certificates issued by foreign CA institutions, which means thatif these CA institutions have unpredictable problems, such as political, economic, natural disasters and other reasons that make them unable to continue their services, then there will be "SSL Certificate Discontinuation" situation. In this case, the affected websites will not be able to provide secure https services, and users' personal information and privacy may be threatened.
In order to deal with this situation, a number of domestic leading electronic certification agencies, including Shanghai CA, actively participated in the discussions of the CA/B forum, carried out compliance reforms with reference to international standards, and actively rooted mainstream browser manufacturers .
However, for long-term considerations, the fundamental solution is to seek domestic alternatives . At present, we are actively expanding the collaboration and cooperation of the domestic trusted service ecosystem, making preparations for the "discontinuation" of SSL certificates.
The Wanweixin brand certificate launched by Shanghai CA has now implanted the root certificate of the domestic algorithm into 360, Qi Anxin, Red Lotus, Athlon and other domestic mainstream browsers; at the same time, Shanghai CA Wanweixin has also developed a set of The self-adaptive software module can automatically identify whether the client browser supports the national secret algorithm by deploying the dual-algorithm certificate mode, and automatically adapt to the domestic algorithm certificate or the international algorithm certificate; Shanghai CA Wanweixin has also completed the Tongxin, Kylin , China Electronics Cloud PKS and other domestic application system adaptation work, on the basis of accelerating the application and promotion of domestic cryptographic algorithms, compatible with the environmental requirements of the Internet network, and has established strategic cooperation with a number of state-owned cloud service providers.
7
Zhao Jiuzhou : Even though the national secret certificate has been discussed intensely for several years, we know that the current global mainstream application environment does not support the national secret algorithm system, and China has not yet formed a basic software application ecology that supports the national secret algorithm. In addition, the road to automated deployment is also difficult. It has not been approved, and the international ACME protocol does not support the national secret SSL certificate, which makes it difficult to reform the national secret in the field of SSL certificates. Based on your experience, is the current situation of the implementation of national secrets optimistic? To increase the deployment density of national secret certificates, what do you think the future path should be?
Cui Jiuqiang : At present, the deployment of national secret certificates in China is still relatively small, but with the support and promotion of national policies and the continuous development of related encryption technologies, I believe that the deployment density of national secret certificates is expected to gradually increase in the future.
To increase the deployment density of national secret certificates, I think efforts can be made in the following aspects: First, it is necessary to strengthen the support of national secret algorithms on various basic software and hardware , such as operating systems, browsers, servers, etc. Only when these infrastructures are fully supported can national secret certificates be widely deployed.
Secondly, it is necessary to launch a corresponding automated deployment scheme for national secret certificates , making the process of deploying national secret certificates easier and more efficient. Of course, this requires the joint efforts of CA institutions, equipment manufacturers, software manufacturers, application providers and other parties to establish a corresponding ecosystem.
At present, the dual-algorithm certificate service launched by Shanghai CA takes into account the national secret compliance and compatibility, further increasing the deployment of national secret certificates. At present, the national competent authority is also taking the lead in establishing a management and promotion mechanism for SSL certificates based on domestic cryptographic algorithms, issuing relevant standards and formulating relevant specifications, and accelerating the application of national secret certificates. Shanghai CA is also actively cooperating with competent authorities to invest in This work.
Finally, it is necessary to strengthen the cooperation of domestic and foreign standardization organizations , so as to promote the development and improvement of international standards, so that national secret certificates can be widely used around the world.
8
Zhao Jiuzhou : The most important landing scenario of the State Secret SSL certificate is the government website and its cloud platform. Shanghai CA has also undertaken many government agencies' "one-stop" projects, but only from the deployment of the official websites of the provincial governments in 31 provinces, municipalities, and autonomous regions in China Looking at it, only the official website of Jiangxi Provincial Government and the website of Hunan Provincial Government have deployed national secret SSL certificates, and the coverage of national secrets is very low. What do you think are the main obstacles for government users to reform national secrets? What kind of coping strategies does Shanghai CA currently have?
Cui Jiuqiang : It is indeed difficult for government users to reform national secrets.
From a technical point of view, due to the particularity of the national secret algorithm, government users need to upgrade or replace existing systems and equipment, and at the same time need to carry out complex configuration and deployment, which is difficult for some government agencies with relatively weak technical strength . Said that it may cause greater difficulties .
In addition, the cost of renovation is also an issue. Because the application of the national secret algorithm requires the use of special hardware equipment and software technology, the cost is relatively high , and it may become an unaffordable investment for some government agencies with tight funds.
Another aspect is lack of experience. Government agencies lack experience in the application and practice of national secret algorithms , and may face many challenges and difficulties. For example, they may encounter problems in upgrading and deployment, and need corresponding technical support and services.
Integrating more than 20 years of experience in providing reliable certificate services for the government, enterprises, institutions and individual users, Shanghai CA has made steady progress on the road of research and development of domestic encryption and self-owned brand certificates. We can provide relevant technical support and services to help government agencies upgrade and deploy national secret algorithms to ensure their safe and reliable application.
At the same time, we also provide cost-effective national secret certificates and soft gateways to attract more government agencies to adopt national secret algorithms. Among them, the https encryption solution based on the national secret algorithm: issue SM2 SSL certificates, provide server-side national secret suites, and support dual-algorithm certificates, making the national secret algorithm reach a practical stage in website encryption.
In addition, we have been promoting the advantages and value of the National Secret Algorithm through various channels in order to increase the awareness and recognition of the National Secret Algorithm by government agencies, thereby promoting its application and promotion.
With the Chinese government's emphasis on information security and the maturity of domestic encryption technology, more and more organizations tend to adopt national secret algorithms and national secret applications to meet compliance requirements and protect system security. Business secret application and national secret transformation can help enterprises avoid risks such as information leakage, data tampering, and network attacks, and improve the security and reliability of core businesses. Based on this, Shanghai CA provides a series of business secret applications and national secret transformation solutions for government and enterprise customers.
9
Zhao Jiuzhou : On March 3 this year, Google released the "Together" roadmap, announcing that it will reduce the maximum validity period of public TLS certificates from 398 days to 90 days in future policy updates or CA/B Forum voting proposals. Many comments believe that this plan will have a huge impact on CA institutions, because the 90-day free SSL certificates led by Google and Firefox browsers have occupied more than 60% of the global market share, while the validity period of paid certificates of traditional CA institutions is only shortened to 90 days, then the willingness of users to spend money to purchase paid SSL certificates will be greatly weakened. What do you think of this news? Are you worried that this plan will change CA's life?
Cui Jiuqiang : Google's "Going Together" roadmap has indeed brought a certain impact on traditional CA institutions, because users can choose to use free SSL certificates with a 90-day validity period instead of spending a lot of money to buy paid certificates . However, this paid certificate still has its advantages.
On March 3, 2023, Google released the "Together" roadmap, announcing that it will reduce the maximum validity period of TLS certificates from 398 days to 90 days
There are still many enterprises and users who need high-level SSL certificates , which have stricter verification requirements and higher security performance.
In addition, the shortened validity period of SSL certificates means that certificates need to be renewed more frequently, which actually provides more potential business and service opportunities for CA institutions . It is not difficult to see that the automation of certificate deployment has become the future trend. In order to comply with the industry trend that the validity period of certificates is continuously shortened, major domestic CAs have begun to support the ACME protocol to provide users with automatic management services for SSL certificates. We are also actively developing and testing certificate automation tools based on the ACME protocol to better respond to the industry challenges brought about by the shortened validity period of certificates and help users manage and renew certificates more easily. Related products and solutions will also be launched in the near future. We believe that this new technology will bring you a more efficient, convenient and secure certificate management experience.
We have also seen that in addition to selling certificates, CA institutions have also begun to provide other value-added security services , such as vulnerability scanning and certificate status monitoring. Big market demand.
Although the roadmap released by Google has brought certain challenges to traditional CA institutions, I believe that major CA institutions have the ability to cope with the new market environment . At the same time, users still have different needs and preferences, so I think traditional CA institutions Institutions will not be eliminated.
10
Zhao Jiuzhou : At present, there are several old CA certificate brands that are widely used and trusted around the world, such as Sectigo, DigiCert, etc. Their years of accumulated technical experience and mature systems provide more secure and stable services. As one of the earliest CA institutions in China, you have purely domestic certificates like Wanweixin. Do you think there are any advantages between domestic certificates and foreign established certificates? What actions does the domestic CA certificate brand take in terms of international promotion?
Cui Jiuqiang : In recent years, the country has been advocating "localization". As one of the earliest CA organizations in China, Shanghai CA has been investing a lot of energy in the research and development of domestic certificates.
At present, the market share of foreign established certificates is indeed very high, but the advantages of domestic certificates are also self-evident. I think the most prominent advantage is autonomy and controllability . From the algorithm level, the national secret algorithm is used, and the domestic team system deployment is adopted at the operation level, all of which are also within the territory. For users, the intuitive experience means that it is not affected by the international situation and policies , and it is more stable to use.
As mentioned above, we have implanted the root certificate of the domestic algorithm into mainstream domestic browsers such as 360, Qi Anxin, Red Lotus, and Athlon. By deploying dual-algorithm certificates, the application of national secrets has reached the practical stage in terms of websites. At the same time, we have also completed the adaptation of domestic application systems such as Tongxin, Kirin, and China Electronics Cloud pks. On the basis of accelerating the application and promotion of domestic cryptographic algorithms, it is compatible with the environmental requirements of the Internet network.
There is also the issue of data security that everyone is concerned about. The application data for purely domestic certificates is directly faced with domestic CAs, which means that customer information and audit data do not need to be exported , which further ensures the security of user data. In terms of localization services, domestic certificates are also more familiar with the domestic market , and customization capabilities are more flexible.
In fact, in terms of international promotion, domestic CA certificate brands have been actively taking action. We can see that some domestic CA institutions are actively joining the international CA/B forum and participating in the formulation of international standards . They have established cooperative relations with internationally renowned browser manufacturers and terminal equipment manufacturers to improve the credibility and usage rate of their SSL certificates in the international market. At the same time, we also cooperate with some well-known international companies , and there are many successful customer cases. There are also some domestic CA institutions that have established branches abroad to further expand their international business.
It is gratifying that domestic SSL certificates are now receiving more and more attention and demand in the international market. Domestic CA certificate brands are actively promoting international development in various ways, hoping to achieve greater success in the international market. However, the promotion of domestic certificate brands in the international market still has a long way to go, and more time and effort are needed.
11
Zhao Jiuzhou : Most of the top ten SSL certificate providers in the world are Internet and cloud service providers, including Cloudflare, Amazon, Google, Microsoft, etc., and there are very few CA institutions. If users can directly obtain website https encryption services from cloud service providers, they will no longer go to CA to apply for SSL certificates. How do you see such market changes? Are you worried that Internet and cloud service vendors will take away the cake, and the market space for CA institutions is getting narrower and narrower?
Cui Jiuqiang : This is indeed a market change worthy of attention. In fact, market competition has always been a process of constant change, and the SSL certificate market is no exception. With the growth of the Internet and cloud service vendors, their market share in the SSL certificate market is indeed increasing, while the market share of traditional CA institutions decreases accordingly. This is an inevitable market trend, but I don't think it means that CA institutions will lose market space .
With the development of technologies such as cloud computing and the Internet of Things, Internet and cloud service providers are playing an increasingly important role in network security. For Internet and cloud service providers, there are indeed certain market advantages, because They have a lot of users and a lot of data .
However, the professionalism and authority of CA institutions in certificate issuance and verification cannot be replaced by Internet and cloud service providers . As the issuing authority of digital certificates, CA organization has the neutrality of the third party. In the digital certificate industry, it is very important to maintain the credibility and authority of the CA institution. CA institutions need to establish sound credit review standards, strictly monitor and control the issuance and management of certificates, and adopt advanced security technologies and measures to ensure the authenticity and security of digital certificates. Only in this way can digital certificates, as one of the important guarantees for digital identity verification and data security, be gradually widely used in various fields.
At the same time, cloud service providers also need CA institutions to provide them with SSL certificates to ensure the security and credibility of their cloud services. Therefore, I think CA institutions and Internet and cloud service providers are interdependent rather than competitive.
As an electronic certification service organization, CA institutions have many businesses that can be expanded and developed in addition to SSL certificates .
Taking Shanghai CA as an example, as a professional digital trust service operator, we can provide multiple software and hardware collaborative services . Our digital trust service system comprehensively uses cutting-edge technologies such as blockchain, digital identity, privacy computing and new encryption technology to create two core service capabilities of trusted digital identity and trusted data circulation, and comprehensively provide digital identity services and trusted access services, digital signature services, trusted computing service platforms, and data security services, and organically combine different services according to application requirements, and flexibly provide special services to meet the diverse scenarios in different fields such as government affairs, finance, education, and medical care.
I believe that as long as CA institutions can adapt to market changes and meet user needs in a timely manner, they can still occupy a place in the field of network security.
12
Zhao Jiuzhou : With the development of the new generation of information technology, SSL certificates also need to be combined with these technologies. At present, the Internet of Things is growing rapidly, and more than 10 billion devices are connected to the Internet, but the security awareness is relatively weak, and the system has not yet been built. , a secure trust mechanism between devices, applications, and users. Are you optimistic about the IoT market? How Do SSL Certificates Work in IoT Scenarios?
Cui Jiuqiang : With the advent of the digital age, the Internet of Things has changed people's lifestyles and business models. I think this is a very promising market , and I am very bullish on this market because the number of connected devices in the Internet of Things is already very large, and this number is still growing.
But at the same time, security issues on the Internet are becoming more and more severe. The Internet of Things involves a large number of devices and operational services, such as home smart devices, Internet of Vehicles, and smart cities, and the real-time and reliability of these devices are very important . The application of SSL certificates will help build a credible and secure communication environment and provide security for the reliable operation of the Internet of Things.
At present, SSL certificates have played an important role in security in IoT scenarios. Many security-focused IoT systems have enabled SSL certificates to ensure identity authentication and transmission encryption . With the improvement of security awareness, the demand for this will increase. There will be more and more. SSL certificates provide end-to-end security for IoT connections, ensuring safe and reliable communications between devices.
At the same time, it also provides identity authentication for devices in the Internet of Things , which can ensure that communication between devices will only occur between authorized devices, rather than being impersonated by unauthorized devices.
In addition, SSL certificates can also provide security for applications in the Internet of Things , ensuring safe and reliable communications between applications and devices.
With the continuous development of the Internet of Things market, I believe that SSL certificates will have a very broad application prospect in the Internet of Things market, and more and more Internet of Things environments will support the development of SSL certificates. At the same time, SSL certificates also need continuous technological upgrades and innovations to keep up with the pace of the digital age and adapt to new needs and challenges in IoT scenarios.
* Image source: Shanghai CA Center, Google, Lovepik
END
Column coordinator | Zhao Jiuzhou
Responsible editor | Huang Qiting Zhuang Yajie Zhang Jie
What SSL certificate are you currently using? As a user, what new developments do you expect for SSL certificates in the future? Welcome to share your views in the comment area~ Light up "watching" + leave a message in the comment area , Ah D will randomly select a fan at 15:00 on May 31 (Wednesday) and send a customized Ah D coffee cup~
"DNSPod Ten Questions" is an in-depth talk column launched by Tencent Cloud Enterprise Center. Through each issue, ten questions are asked to the guests, leading readers to stand on the shoulders of elites in the industrial Internet and technology fields, and overlook the development of major industries Trends and cutting-edge technological innovations.
The field of column guests is gradually expanding, from the initial circle of domain names and webmasters to the circle of programmers, entrepreneurs, and investors. Ding Ke, vice president of Tencent, Jiang Tao, chairman of CSDN, Dai Zhikang, founder of Discuz!, Wu Lujia of Knowledge Planet, Yang Qing, vice president of Tencent Security Academy, and other technical experts and industry leaders have left their insights in this column .
"DNSPod Ten Questions" is also extremely influential and active in the Tencent Cloud ecosystem. We are on Tencent's internal platforms - DNSPod official account, Tencent SME service official account, Tencent cloud official account, Tencent cloud host official account, Tencent cloud server official account, Tencent cloud assistant, Tencent Lewen, Tencent code guest circle, Tencent KM platform, Tencent Cloud + Community, Tencent Cloud + University and other platforms have accumulated hundreds of thousands of attentions. The total number of media readings such as agency account, penguin account, Sohu account, headline account, open source Chinese technology community, IT home, InfoQ community information site, Twitter agency account, and Facebook agency account exceeds one million.
In the future, we hope that the influence of this column will cover a more diverse audience and spread more correct ideas to the outside world. Readers are welcome to leave the guests you want to see and the questions you want to ask in the comment area. We invite you to become the questioners and voicers of the "DNSPod Ten Questions" column.
Cooperation contact:
▼Get the QR code in the background of the official account
Join the official DNSPod user group
