Re: Where should I start from ?

To: debian-security@lists.debian.org
Subject: Re: Where should I start from ?
From: Remco van de Meent <remco@vandemeent.net>
Date: Sun, 2 Dec 2001 13:13:37 +0100
Message-id: <[🔎] 20011202131337.A11977@frml.snt.utwente.nl>
In-reply-to: <[🔎] 20011202125758.L7108@wiggy.net>
References: <20011128090517.EFB0E36F9@sitemail.everyone.net> <[🔎] 20011202125758.L7108@wiggy.net>

Wichert Akkerman wrote:
> Previously John DOE wrote:
> > PS : Thanks a lot for your help. I don't know how familiar you are
> > with cryptographic concepts but I already have the original sheets of
> > SSL from Netscape and SSL is not a bilateral entity authentication,
> > identification protocol you only know that the server at the other
> > side is really the intended recipient but the server knows nothing
> > about you if you are really you or not.
> 
> I don't know the SSL protocol itself but from what I understand of it
> both sides can use X509 certificates you can use to do authentication
> checks.

X.509 certificates tie keys and their possessors together. The
signature of some certification authority (that both parties trust)
ties the possessor and his identity (which is listed in the
certificate) together.

You can do so on both ends, to perform client- as well as
server-authentication in order to establish mutual trust.

I have never tried to do authentication using certificates on both
ends, but it is possible (at least according to the SSLv3 specs).

regards,
Remco.
-- 
:: remco@vandemeent.net
:: http://remco.vandemeent.net/

Reply to:

References:
- Re: Where should I start from ?
  - From: Wichert Akkerman <wichert@wiggy.net>

Prev by Date: Re: Security hole in Linux kernel itself? FW: [FreeBSD-users-jp 65877] Re: nslookup
Next by Date: Re: VI wrapper for SUDO? - another bad way ??
Previous by thread: Re: Where should I start from ?
Next by thread: Re: iptables with a linux bridge
Index(es):
- Date
- Thread