Application of https/ssl/tls:
|               | PUT    | GET              |
| Anonymous     | DON'T! | http             |
| Authenticated | scp    | sftp >> https << |
What do you get?
Client-to-server end-to-end encrypted traffic
Strongly authenticated server credentials
(Optional) Strongly authenticated user credential
Why not?
Caching
Overheads
Firewalls/Proxies
Cost
How does it work?
http://www.modssl.org/docs/2.8/ssl_intro.html
Symmetric encryption
Public/Private key encryption
Signatures
Certificates
Certificate Authorities
What Happens?
Client connects to server
Server sends server certificate
Client verifies server certificate
Client sends secret to server using server's public key
Client and server use secret to create symmetric encryption keys
References:
All you ever want to know:
http://www-uxsup.csx.cam.ac.uk/~jw35/docs/doing_ssl.html
SSL detail:
http://www.modssl.org/docs/2.8/ssl_intro.html
http://developer.netscape.com/docs/manuals/security/sslin/contents.htm
More SSL detail, and HOW-TO with Netscape:
~fhirsch/Papers/wwwj/index.html
Common sources of certificates:
BT
Trustwise (UK Verisign Agent)
http://www.trustwise.com/
Thawte:
http://www.thawte.com/