An SSL certificate should be chosen from an established, reliable CA that delivers at minimum 128-bit encryption and optimally 256-bit encryption. It should be issued from a globally available root infrastructure using 2048-bit RSA keys or better. The SSL issuing authority should maintain industrial-strength data centers and disaster recovery sites optimized for data protection and availability. The CA must have its authentication practices audited annually by a trusted third-party auditor.
*Reference - SSL 101: A Guide to Fundamental Web Site Security by GeoTrust