CSCI.4220 Network Programming
Fall, 2006
Class 22: Internet Security Protocols
Digital Certificates
One flaw in the original PGP was that there was no way that Alice could
be sure that Bob's public key was really from Bob and not from someone
pretending to be Bob. The solution is a Digital Certificate which has
been authenticated by a trusted certificate authority (CA).
There is a standard for such certificates, X.509. The best known CA is VeriSign.
Here is the structure of an X.509 Certificate:
- Version (currently 3)
- Serial Number of the certificate
- Algorithm ID
- Issuer
- Validity Start time
- Validity End time
- Subject of the certificate
- Subject Public Key Info
  - Public Key Algorithm
  - Subject Public Key
- Issuer Unique Identifier (Optional)
- Subject Unique Identifier (Optional)
- Extensions (Optional)
- Certificate Signature Algorithm
- Certificate Signature (encrypted with the private key of the CA)
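The following Python program is added here as an illustration and is not part of the course notes. It builds a minimal X.509 v3 certificate in DER and then walks it field by field in the order listed above, so each item in the list can be seen at its position in the encoding. It uses only the standard library; the public key and signature bytes are constructed placeholders (no real key, no real signing and no signature verification), and the serial number, names and dates are made-up values. It also includes the validity-window check a client performs before it trusts a certificate.

```python
"""Build a minimal X.509 v3 certificate in DER and walk its fields in the order listed above.
Stdlib only; key and signature bytes are constructed placeholders (no real signing or verification)."""
from datetime import datetime

SEQ, SET, INT, BITSTR, OCTSTR, NULL, OID, UTF8, UTCTIME = 0x30, 0x31, 0x02, 0x03, 0x04, 0x05, 0x06, 0x0C, 0x17
# Real OIDs: sha256WithRSAEncryption, rsaEncryption, commonName, basicConstraints
SHA256_RSA, RSA_ENC = bytes.fromhex("2a864886f70d01010b"), bytes.fromhex("2a864886f70d010101")
CN, BASIC_CONSTRAINTS = bytes.fromhex("550403"), bytes.fromhex("551d13")

def encode(tag, content):
    """DER TLV with short- or long-form definite length."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content

def tlv(buf, i=0):
    """Decode one TLV at buf[i]; return (tag, contents, index after it)."""
    tag, first = buf[i], buf[i + 1]
    n = 0 if first < 0x80 else first & 0x7F
    length = first if n == 0 else int.from_bytes(buf[i + 2:i + 2 + n], "big")
    start = i + 2 + n
    return tag, buf[start:start + length], start + length

def children(contents):
    """Split a constructed element's contents into (tag, contents) pairs."""
    out, i = [], 0
    while i < len(contents):
        tag, val, i = tlv(contents, i)
        out.append((tag, val))
    return out

def decode_oid(b):
    """Dotted OID; the first octet packs the first two arcs, the rest are base-128."""
    arcs, v = [b[0] // 40, b[0] % 40], 0
    for x in b[1:]:
        v = (v << 7) | (x & 0x7F)
        if not x & 0x80:
            arcs, v = arcs + [v], 0
    return ".".join(map(str, arcs))

def alg_id(oid):
    return encode(SEQ, encode(OID, oid) + encode(NULL, b""))

def name(cn):  # Name ::= SEQUENCE OF SET OF AttributeTypeAndValue; a single CN here
    return encode(SEQ, encode(SET, encode(SEQ, encode(OID, CN) + encode(UTF8, cn.encode()))))

def build_cert(serial, issuer_cn, subject_cn, not_before, not_after):
    """Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }."""
    spki = encode(SEQ, alg_id(RSA_ENC) + encode(BITSTR, b"\x00" + b"\x01" * 16))  # placeholder key
    ext = encode(SEQ, encode(OID, BASIC_CONSTRAINTS) + encode(OCTSTR, encode(SEQ, b"")))
    tbs = encode(SEQ, encode(0xA0, encode(INT, b"\x02"))                # [0] version: 2 encodes v3
                 + encode(INT, serial.to_bytes((serial.bit_length() + 8) // 8, "big"))
                 + alg_id(SHA256_RSA) + name(issuer_cn)
                 + encode(SEQ, encode(UTCTIME, not_before.encode()) + encode(UTCTIME, not_after.encode()))
                 + name(subject_cn) + spki
                 + encode(0xA3, encode(SEQ, ext)))                       # [3] extensions
    dummy_sig = b"\x00" + b"\xAB" * 32   # placeholder, NOT a real CA signature over tbs
    return encode(SEQ, tbs + alg_id(SHA256_RSA) + encode(BITSTR, dummy_sig))

def rdn_string(name_contents):
    parts = []
    for _, rdn in children(name_contents):
        for _, attr in children(rdn):
            (_, oid), (_, val) = children(attr)
            parts.append(("CN" if oid == CN else decode_oid(oid)) + "=" + val.decode())
    return ",".join(parts)

def describe(cert):
    """Return a dict of the certificate's fields, keyed like the structure list above."""
    (_, tbs), (_, sig_alg), (_, sig) = children(tlv(cert)[1])
    f, info = children(tbs), {"version": 1}
    if f[0][0] == 0xA0:                       # explicit [0] version; absent means v1
        info["version"] = int.from_bytes(children(f.pop(0)[1])[0][1], "big") + 1
    serial, alg, issuer, validity, subject, spki = (v for _, v in f[:6])
    info["serial"] = int.from_bytes(serial, "big")
    info["algorithm"] = decode_oid(children(alg)[0][1])
    info["issuer"], info["subject"] = rdn_string(issuer), rdn_string(subject)
    info["not_before"], info["not_after"] = (v.decode() for _, v in children(validity))
    (_, key_alg), (_, key_bits) = children(spki)
    info["public_key_algorithm"] = decode_oid(children(key_alg)[0][1])
    info["public_key"] = key_bits[1:]          # drop the BIT STRING unused-bits octet
    for tag, val in f[6:]:                     # optional tail: [1] issuer UID, [2] subject UID, [3] extensions
        if tag == 0xA3:
            info["extensions"] = [decode_oid(children(e)[0][1]) for _, e in children(children(val)[0][1])]
        else:
            info["issuer_unique_id" if tag == 0x81 else "subject_unique_id"] = val
    info["signature_algorithm"] = decode_oid(children(sig_alg)[0][1])
    info["signature"] = sig[1:]
    return info

def within_validity(info, when_iso):
    """Is the ISO date/time `when_iso` (UTC) inside the certificate's validity window?"""
    fmt, when = "%y%m%d%H%M%SZ", datetime.fromisoformat(when_iso)
    return datetime.strptime(info["not_before"], fmt) <= when <= datetime.strptime(info["not_after"], fmt)

CERT = build_cert(4660, "Example CA", "www.example.com", "060901000000Z", "070901000000Z")  # constructed
INFO = describe(CERT)
```

Running `describe(CERT)` yields the version (3), serial (4660), issuer and subject names, the two validity times, the public key algorithm and key bits, the extension OIDs, the signature algorithm and the signature bytes. What the example deliberately leaves out is the step that makes the certificate trustworthy: checking that signature against the CA's public key, which is why a real client uses a full library rather than a walker like this.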
Secure Socket Layer (SSL)
Originated by Netscape, SSL is used for secure client-server communication over the Internet.
It provides confidentiality, authentication, and message integrity.
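As an added example (not from the course page, Netscape or Sun), here is how the authentication property above shows up in a Python client: whether it actually checks the server's CA-signed certificate. The hardened context is what a client should use; the insecure one shows the two settings that switch verification off, and audit_context flags them. No network connection is made, only the settings of the standard ssl module are inspected. The function names are mine.

```python
"""Compare an SSL/TLS client context that verifies the server's certificate with one that does not."""
import ssl

def insecure_client_context():
    """Common anti-pattern: turn off certificate and hostname checks (shown to be detected, not used)."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False        # must be cleared before verify_mode may drop to CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE   # any certificate, from any issuer, is now accepted
    return ctx

def hardened_client_context():
    """Default context: CERT_REQUIRED, hostname matching, system CA store; pin the floor to TLS 1.2."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def audit_context(ctx):
    """Return findings; an empty list means the context authenticates the server as SSL intends."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate not verified against a CA")
    if not ctx.check_hostname:
        findings.append("certificate subject not matched against the hostname")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("legacy protocol versions allowed")
    return findings

if __name__ == "__main__":
    for label, ctx in (("insecure", insecure_client_context()), ("hardened", hardened_client_context())):
        print(label, audit_context(ctx) or "ok")
```

With the insecure context the handshake still encrypts the connection (confidentiality) but no longer proves who is on the other end, so the CA-signed certificate from the previous section is never actually used.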
SSL Architecture:
Here is the presentation on ASP (Power Point)
The Wikipedia SSL page provides a high level overview of how SSL works.
Here is a brief description of the SSL handshake
Here is Sun's Introduction to SSL