Connecting to a standard Web page can be fraught with peril. The simplicity of the HTTP protocol leaves it open to eavesdropping, or worse yet, man-in-the-middle attacks. Thankfully, though, the Secure Sockets Layer (SSL) authenticates Web sites and encrypts Web traffic. Whether you’re paying with a credit card or working with your bank account balance, SSL provides something priceless: peace of mind.
But what exactly is SSL? How does it protect credit card numbers from being stolen?
SSL encrypts traffic between your Web browser and a Web server, encoding and decoding sensitive data. Even if a miscreant eavesdrops on an SSL connection, he or she would see nothing but oodles of gibberish.
Beyond encryption, though, it’s also necessary to verify the identity of the Web server. Without some proof, a rogue server could impersonate a retailer or bank, establish an ersatz connection, and capture our data nonetheless. To prevent this, SSL ensures that the server is authentic.
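The distinction between encryption and authentication shows up directly in client configuration. The following is an added example, not part of the original article: it uses Python's standard ssl module (which implements TLS, the successor to SSL) to flag client settings that encrypt traffic without authenticating the server. The function names are hypothetical.

```python
import ssl
from typing import List


def audit_client_context(ctx: ssl.SSLContext) -> List[str]:
    """Return findings for a client context that would encrypt traffic
    without fully authenticating the server."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("chain not verified: any certificate is accepted")
    if not ctx.check_hostname:
        findings.append("hostname not checked: a certificate issued "
                        "for a different site is accepted")
    return findings


def encrypt_only_context() -> ssl.SSLContext:
    """Encryption without authentication: the weak setting."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # must be turned off before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def chain_only_context() -> ssl.SSLContext:
    """Verifies the issuing authority but not which site the
    certificate was issued to."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    return ctx


def authenticated_context() -> ssl.SSLContext:
    """Library defaults: chain verification plus hostname check."""
    return ssl.create_default_context()


if __name__ == "__main__":
    for name, make in [("encrypt-only", encrypt_only_context),
                       ("chain-only", chain_only_context),
                       ("authenticated", authenticated_context)]:
        findings = audit_client_context(make())
        print(name + ":", "; ".join(findings) if findings else "ok")
```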
The Role of the Certificate Authority
While encryption is simple to understand, at least conceptually, authentication can be somewhat more elusive. Just because a server says it is amazon.com doesn’t mean it actually is.
In real life, when you want to verify someone’s identity, you have two choices: You can either have someone you trust introduce you, or you can check the stranger’s identity documentation, such as a passport or driver’s license. Both methods share the same fundamental assumption: Rather than trying to authenticate an identity by yourself, you delegate…