Here is my understanding 1. Confidentialy/EavesDropping - Data is not read during transmission between sender and receiver. This is taken care by Encrption and Decrption � Symmetric cryptography. correct? 2. Data Integrity/Tampering - Data is not modified during transmission between sender and receiver. This is taken care by public key crptography correct? so if I use just SSL and not using any certificate or digital signature, is it correct to say that i have taken care of point 1 but not point 2. 3. to vouch for public key, I need to use trusted CA like Verisign etc correct? 4.im referring to figure 3 of following link: http://developer.netscape.com/docs/manuals/security/pkin/contents.htm#1051918 From this diagram, Im assuming that original data is encrpted using symetric algo and transmitted via ssl along with digital signature. correct?
umm surprised.... in many of SCEA notes, i have seen mentioning on cryptography, digest, pki, digital certificates apart from jdk security and applet security. can anybody confirm that therei s not need to study on pki, certificate, digital signature. what is the scope in security section? applet security and jdk 1.1 , 2 security model? question on applet security in jdk1.1, a signed jar gets full access to system resources correct? if a jar is signed..is it also trusted? if above is not correct..how to make applet trusted apart from it is signed