> Websites that want to be designated as secure have to be certified by an outside organization, which will confirm their identity and vouch for their security. The certifying organization also helps secure the connection between an approved website and its users, promising the traffic will not be intercepted.
becomes
Certificate Authorities are organisations that validate a web site's "domain name" and issue certificates for validated names. The site uses a certificate to prove its name to your web browser when you visit an encrypted site.
This seems relatively easy to understand, most importantly it's clear that the certificate is about naming and not some nebulous "security" or identity more broadly. Also valuable it's clear that the CA plays no direct role in actually securing an HTTPS connection (very common for people not to understand that, even fairly technical people) and yet it's vague enough that I don't have to explain about how public key technology works which is a whole can of worms.
> Websites that want to be designated as secure have to be certified by an outside organization, which will confirm their identity and vouch for their security. The certifying organization also helps secure the connection between an approved website and its users, promising the traffic will not be intercepted.
becomes
Certificate Authorities are organisations that validate a web site's "domain name" and issue certificates for validated names. The site uses a certificate to prove its name to your web browser when you visit an encrypted site.
This seems relatively easy to understand, most importantly it's clear that the certificate is about naming and not some nebulous "security" or identity more broadly. Also valuable it's clear that the CA plays no direct role in actually securing an HTTPS connection (very common for people not to understand that, even fairly technical people) and yet it's vague enough that I don't have to explain about how public key technology works which is a whole can of worms.