Software, Technology

How-to: Understand Website ‘Identity Information’


…or more precisely, when a reputable website such as WordPress.com displays a warning triangle and the message: “this site does not supply identity information.”

You may notice the warning triangle in the address bar on sites which use the HTTPS, SSL and TLS protocol and certificates, and get the message when you scroll over it. WordPress? Really?

Let’s replay Internet Security-101, with apologies to the technically ‘ept’ (not the ‘inept’).

The “identity information” is normally provided when secure site certificate is presented to your browser. Connecting to a site’s secure server, denoted by the “https” address prefix, the encrypted certificate is supposed to ensure authentication. Regular HTTP traffic is not encrypted, doesn’t authenticate and doesn’t worry about “identity information.” This is how most of the Internet used to work before the increase of hacking, and why so many more sites

have switched to SSL or TLS connections under encrypted certificates, not just e- commerce, banking, and log-in pages to account-based services.

SSL also ensures traffic is unchanged end-to-end as it is transmitted, so what you get is un-tampered.

So why does a site like WordPress.com suddenly throw that warning triangle and the message: “this site does not supply identity information?”

For one thing, it is not the whole site. WordPress.com consists of millions of sub-domains, all sat under the wordpress.com main HTTPS SSL certificate. Go to https://wordpress.com/ root URL and it is perfectly fine. Go to a sub-domain such as https://everythingexpress.wordpress.com/ and the warning appears. Why?

Usually you will get that warning when the site is displaying mixed content, by which we mean the site is using files not located in its own directory or own server. So for https://everythingexpress.wordpress.com/ I can tell you all the article images being displayed actually sit on Google Picasa; rather than upload all the images to the WordPress server, we link across to the master files on Picasa.

However, the browser is checking not only the host site identity, but also the secondary site identity when there’s external content being loaded from outside the host. Now while Picasa also uses HTTPS under a certificate and has its own identity, that does not match the credentials presented for https://everythingexpress.wordpress.com/ – that’s if the Picasa credentials even make it through the call, which for this type of simple content call, they wouldn’t.

In this example, I’m not going to worry; but then it’s from one of my sites, and I know what’s on there.

You have to bear in mind that this mixed content can be any kind of file; javascript, php, images, documents, pdfs. What the web-browsers such as Firefox are doing is flagging potentially hazardous content that may harm your computer and its contents. The browser can’t establish the provenance of the secondary content; it is up to your judgement when you see the warning (you do see the warnings, right? Just checking) as to whether you proceed on that site. You know it’s a reputable site? Go ahead. Not so certain? Get the heck out of Dodge. RC

Related: How-to: Adjust Browser Security for Mixed Content and Frames

About Robin Catling

Writer; performer; project manager; sports coach; all-round eccentric.

Discussion

One thought on “How-to: Understand Website ‘Identity Information’

  1. It’s good article designed for all the internet users; they will get benefit from it I am
    sure.

    Posted by Gino Gleason | March 20, 2015, 8:09 am

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Twitter Updates

Follow us on Twitter @EverythingExpre

Find Us on Facebook

Enter your email address to follow this blog and receive notifications of new posts by email.

Categories

Library

BBC World News

BBC World News
Opens the BBC World News page.
%d bloggers like this: