
What is true about SSL?

 
James Du
Ranch Hand
Posts: 186
What is true about SSL?
1) Client-side SSL ensures authentication etc. for the client but not for the server
2) Server-side SSL ensures authentication etc. for the server but not for the client
3) Client-side SSL ensures authentication etc. for the server and client
4) Client-side SSL is exactly the same as Server-side SSL

Option 2) is obvious.
As for 1) and 3), it is quite hard to choose.

What do you think?

Regards.
James
 
Dan Drillich
Ranch Hand
Posts: 1183
James,

As you said, #2 is obviously correct.

The 'extended' SSL allows authentication of the client as well. My question is: is 'Client-side SSL' the right term for it?

This nice paper http://www.ists.dartmouth.edu/library/securing-systems-software/ksi0204.pdf uses the term 'client-side authentication':

In the last decade, the Web has become the dominant paradigm for electronic access to information services. The Secure Sockets Layer is the dominant paradigm for securing Web interaction. For a long time, SSL with server-side authentication - where, during the handshake, the server presents a public-key certificate and demonstrates knowledge of the corresponding private key - was perhaps the most accessible use of PKI in the lives of ordinary users.
However, in the full vision of PKI, all users have key pairs - not just the server operators. Within the SSL specification, a server can request client-side authentication - where, during the handshake, the client also presents a public-key certificate and demonstrates knowledge of the corresponding private key. The server can then use this information for identification, authentication, and access control on the services it provides to this client.


-- Dan
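
The two handshake modes described in the quoted passage, as an added example that is not part of the thread or of the paper: a Go test server that either does or does not request a client certificate, and what identity it ends up seeing. The names `clientIdentity`, `ServerSees`, `client.test` and the `X-Client` header are made up for the illustration; the server certificate is the one Go's `httptest` package supplies, and the client certificate is a throwaway self-signed one.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net/http"
	"net/http/httptest"
	"time"
)

// clientIdentity builds a throwaway self-signed certificate and a pool trusting it (constructed test data).
func clientIdentity(name string) (tls.Certificate, *x509.CertPool) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{name}, IsCA: true,
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, t, t, pub, key)
	leaf, _ := x509.ParseCertificate(der)
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, pool
}

// ServerSees returns the client identity the server authenticated ("" if the client stayed anonymous).
func ServerSees(mode tls.ClientAuthType, clientHasCert bool) (string, error) {
	cert, pool := clientIdentity("client.test")
	srv := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if pc := r.TLS.PeerCertificates; len(pc) > 0 {
			w.Header().Set("X-Client", pc[0].DNSNames[0])
		}
	}))
	srv.TLS = &tls.Config{ClientAuth: mode, ClientCAs: pool} // mode decides whether the server asks for a client certificate
	srv.StartTLS()
	defer srv.Close()
	if clientHasCert {
		srv.Client().Transport.(*http.Transport).TLSClientConfig.Certificates = []tls.Certificate{cert}
	}
	resp, err := srv.Client().Get(srv.URL) // srv.Client() verifies the server's certificate in every mode
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	return resp.Header.Get("X-Client"), nil
}

func main() { fmt.Println(ServerSees(tls.RequireAndVerifyClientCert, true)) }
```

With `tls.NoClientCert` the server learns nothing about the client even when the client holds a certificate; with `tls.RequireAndVerifyClientCert` the server sees `client.test`, and a client without a certificate is refused.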
 
James Du
Ranch Hand
Posts: 186
Hi Dan,

I share the same question with you. Besides that, I also wonder if there exists a type of SSL which authenticates only the client side.

Is there no such applicable scenario in the real world at all?

Regards,
James
 