[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Where should I start from ?

Wichert Akkerman wrote:
> Previously John DOE wrote:
> > PS : Thanks a lot for your help. I don't know how familiar you are
> > with cryptographic concepts but I already have the original sheets of
> > SSL from Netscape and SSL is not a bilateral entity authentication,
> > identification protocol you only know that the server at the other
> > side is really the intended recipient but the server knows nothing
> > about you if you are really you or not.
> I don't know the SSL protocol itself but from what I understand of it
> both sides can use X509 certificates you can use to do authentication
> checks.

X.509 certificates tie keys and their possessors together. The
signature of some certification authority (that both parties trust)
ties the possessor and his identity (which is listed in the
certificate) together.

You can do so on both ends, to perform client- as well as
server-authentication in order to establish mutual trust.

I have never tried to do authentication using certificates on both
ends, but it is possible (at least according to the SSLv3 specs).

:: remco@vandemeent.net
:: http://remco.vandemeent.net/

Reply to: