As security people, we are very concerned about the Internet, especially in the commercial field. How can we distinguish and compare multiple security protocols? Today's main character is the SSL security protocol. The security requirements of an application depend heavily on how the application will be used and what it will protect. However, it is generally possible to use existing technologies to achieve strong, general-purpose security. Authentication is a good example.
When a customer wants to buy a product from a Web site, both the customer and the Web site must undergo authentication. The customer generally authenticates himself by providing a name and password; the Web site authenticates itself by sending a piece of signed data and a valid X.509 certificate (as part of the SSL handshake). The customer's browser verifies the certificate and checks the signed data with the public key the certificate carries. Once both parties have authenticated each other, the transaction can begin.
SSL can handle server authentication (as in the above example) and client authentication using the same mechanism. Web sites typically do not rely on SSL for client authentication; requiring users to provide passwords is easier. SSL client and server authentication is well suited to transparent authentication, for example between peers in P2P applications, where transparent authentication is required.
Secure Sockets Layer (SSL) is a security protocol that enables applications to communicate over a network (such as the Internet) without worrying about eavesdropping or tampering. SSL is actually two protocols that work together: the SSL Record Protocol and the SSL Handshake Protocol. The SSL Record Protocol is the lower-level protocol of the two; it encrypts and decrypts long data records. The SSL Handshake Protocol is the higher-level protocol; it handles the exchange and verification of application credentials.
When an application (the client) wants to communicate with another application (the server), the client opens a socket connection to the server. The client and server then negotiate a secure connection. As part of the negotiation, the server authenticates itself to the client. The client may or may not authenticate itself to the server. Once authentication is complete and a secure connection is established, the two applications can communicate securely. By convention, I will call the peer that initiates the communication the client and the other peer the server, regardless of the roles they play once connected.
Two peer machines named A and B want to communicate securely. In our simple P2P application environment, peer A wants to query a resource on peer B. Each peer has a database (called a keystore) that holds its own private key and a certificate containing its public key. A password protects the contents of the database. The database also contains one or more self-signed certificates from trusted peers. Peer A initiates the transaction; the two peers authenticate each other, negotiate the cipher and key length to be used, and establish a secure channel. After these steps, each peer knows who it is talking to and that the channel is secure.

The Secure Sockets Layer protocol uses public key systems and X.509 digital certificates to protect the confidentiality and integrity of transmitted information. It cannot guarantee the non-repudiation of information and is mainly applicable to point-to-point transmission, as is common with Web servers.
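The keystore-based mutual authentication just described, as an added example that is not part of the original article: each peer holds its own private key and self-signed certificate plus the certificates of the peers it trusts, and both sides verify each other during the handshake. It uses Go's crypto/tls (which speaks TLS, the successor of SSL, with the same handshake structure); the peer names, keys and certificates are constructed test material, and the connection runs over loopback TCP.

```go
package main
import (
	"crypto/ecdsa"; "crypto/elliptic"; "crypto/rand"; "crypto/tls"; "crypto/x509"
	"crypto/x509/pkix"; "fmt"; "math/big"; "net"; "time"
)
// Peer is the page's per-peer "keystore": own key and self-signed cert (Own for TLS, Cert parsed) plus trusted peers' certs.
type Peer struct{ Name string; Own tls.Certificate; Cert *x509.Certificate; Trusted *x509.CertPool }
// NewPeer generates a fresh self-signed identity (constructed test material, not a real key).
func NewPeer(name string) *Peer {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: name},
		DNSNames:  []string{name}, // the connecting peer checks this against ServerName
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour),
		KeyUsage:  x509.KeyUsageDigitalSignature, // a peer may take either TLS role, so allow both
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil { panic(err) }
	cert, _ := x509.ParseCertificate(der)
	return &Peer{name, tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, cert, x509.NewCertPool()}
}
// Handshake: peer a (the initiator, so the "client") connects to peer b (the "server") over loopback TCP and each
// authenticates the other. It returns the CommonName each side verified; a non-nil error means one side refused.
func Handshake(a, b *Peer) (aSees, bSees string, err error) {
	ln, err := net.Listen("tcp", "127.0.0.1:0"); if err != nil { return }
	defer ln.Close()
	errc := make(chan error, 1) // the server side reports its verdict here
	go func() { // server side: present b's certificate, require and verify the client's
		raw, e := ln.Accept()
		if e != nil { errc <- e; return }
		conn := tls.Server(raw, &tls.Config{Certificates: []tls.Certificate{b.Own},
			ClientAuth: tls.RequireAndVerifyClientCert, ClientCAs: b.Trusted})
		defer conn.Close()
		if e = conn.Handshake(); e == nil { bSees = conn.ConnectionState().PeerCertificates[0].Subject.CommonName }
		errc <- e
	}()
	conn, err := tls.Dial("tcp", ln.Addr().String(), &tls.Config{Certificates: []tls.Certificate{a.Own},
		RootCAs: a.Trusted, ServerName: b.Name}) // client side: offer a's cert, verify b's against a's trusted peers
	if err != nil { return }
	defer conn.Close()
	aSees = conn.ConnectionState().PeerCertificates[0].Subject.CommonName
	err = <-errc // in TLS 1.3 the client finishes first, so wait for the server's verdict as well
	return
}
func main() {
	a, b := NewPeer("peer-a"), NewPeer("peer-b")
	a.Trusted.AddCert(b.Cert); b.Trusted.AddCert(a.Cert) // each keystore holds the other's certificate
	fmt.Println(Handshake(a, b)) // peer-b peer-a <nil>
}
```

Removing either AddCert line makes the corresponding side reject the handshake with an "unknown authority" error, which is the keystore doing its job.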
SSL (Secure Sockets Layer) is a security protocol for Web applications proposed by Netscape. It provides server authentication, optional client authentication, data integrity on the SSL link, and data confidentiality on the SSL link. For e-commerce applications, SSL can ensure the authenticity, integrity, and confidentiality of information; however, it cannot provide non-repudiation of transactions, which is the biggest disadvantage of SSL in e-commerce. Netscape introduced a function called Form Signing in all browsers starting with Communicator 4.04. In e-commerce, this function can be used to digitally sign the form containing the buyer's order information and payment instructions, ensuring the non-repudiation of the transaction information. Using SSL alone is not enough to ensure transaction security in e-commerce, but the "SSL + form signing" mode can provide better security for e-commerce.