Analysts believe that XML (extensible markup language) will supplant the SSL (Secure Sockets Layer) protocol as "the basis for the next phase of secure eCommerce transactions", according to NewsFactor. Vulnerabilities in SSL, which secures most eCommerce transactions, mainly concern its reliance on certificate authentication at the user end, according to Forrester analyst, Laura Koetzle.
Users need a basic understanding of the technology and "don't know what to do with browser-side certificates", so the use of "server-side only certificates" contributes to unsecured transactions and therefore to vulnerabilities.
While Giga analyst, Michael Rasmussen, focuses on the "need to keep things up-to-date and patched because vulnerabilities [will appear,] even in security software", Gartner analyst, Richard Stiennon, says SSL is solid, despite its vulnerabilities. "The actual encryption of SSL is great, but as with all public/ private key signers, how well do you trust the signers?" Stiennon says, adding, "really, SSL is proving to be a rock-solid transport architecture, and, often, a good way to authenticate". But Rasmussen advises that "SSL, SSH and PGP (pretty good privacy) have security holes, and those are renowned security tools".
XML security "will retain the issue of trusting signers of [digital certificates], according to NewsFactor, but its ability to handle transactions as if they were documents will enable companies to send purchase orders and checks by e-mail. B2B commerce will be fueled by this change, Stiennon predicts, while Koetzle observes that "the implementation and experimentation is happening before the standard takes shape". XML transaction security technology, described by Koetzle as "a machine-to-machine validation of complex trust hierarchies, already exists, but "nobody really needs to [use its functions" at present.
|
