Home Explore Help
Sign In
fr33domlover
/
Rel4tion-Wiki
mirror of git://seek-together.space/wiki.git
Watch 1
Star 0
Fork 0
Files Issues 0 Wiki
Tree: 8b3b2bbab2
Branches Tags
Rel4tion-Wiki
/
maint
/
admin
/
ca
/
tinyca
/
Introduction
/
How_SSL_Works.mdwn

How_SSL_Works.mdwn 2.2 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445 
  1. Without a security layer, the communication between the client and the server of
    2. 

  2. a web service is not encrypted. Third parties such as your [[!wikipedia ISP]]
    3. 

  3. can read what you send and receive. It is also not authenticated: Someone can
    4. 

  4. pretend to be the server you're looking for, and you may end up giving your
    5. 

  5. private details, such as passwords and bank account numbers, to someone with
    6. 

  6. bad intentions!
    7. 

  7. 

  8. Therefore, a secure connection, e.g. between a web browser and a web server,
    9. 

  9. should have these two properties:
    10. 

  10. 

  11. 1. Encrypted: Nobody can read the data while it's sent through the network
    12. 

  12. 2. Authenticated: Nobody can use a fake identity to trick you into believing
    13. 

  13.    you see the website you want, while you actually see a copy of it made by
    14. 

  14.    someone else.
    15. 

  15. 

  16. SSL can provide this security. Although it's not perfect when used as is (see
    17. 

  17. next section), combining it with your own CA and Monkeysphere support helps
    18. 

  18. fix the weaknesses and launch secure web services.
    19. 

  19. 

  20. You can read more about it in [[!wikipedia SSL desc="Wikipedia"]].
    21. 

  21. 

  22. The idea is as follows.
    23. 

  23. 

  24. The web service holds a private key, which is kept in a secure location and must
    25. 

  25. not be stolen. The key is a way for the web service to prove it's really it,
    26. 

  26. i.e. allow others to verify its identity. If someone else got the key, the
    27. 

  27. service's security could thus be compromised.
    28. 

  28. 

  29. The client holds a public certificate. When connecting to the web service, it
    30. 

  30. uses the certificate to identify the service (the service uses its private key
    31. 

  31. for this process, but *doesn't* send it as-is to the client) and make sure the
    32. 

  32. service is "trusted", i.e. its certificate is installed on the client machine.
    33. 

  33. Web browsers usually come with a preinstalled collection of such certificates.
    34. 

  34. To be more precise, they hold the root certificates of the CAs, and not the
    35. 

  35. certificates of the web services themselves.
    36. 

  36. 

  37. After authentication, the communication moves to a secure, i.e. encrypted
    38. 

  38. channel.
    39. 

  39. 

  40. Actually, it's possible to have the encryption even without authentication: If
    41. 

  41. the web browser can't authenticate the server, it can use the encryption anyway,
    42. 

  42. and warn you that the website's SSL certificate is not trusted. Some browsers
    43. 

  43. just display a small icon indicating this, while others show you a warning
    44. 

  44. message.
    45. 

  45.