Freelancers Network
 
Freelancers.net is owned and operated by Andy Stowell and Dan Winchester

RE: FN-FORUM: SSL and certificates

date posted 3rd August 2003 23:54

> ========================
> Saturday 2nd August 2003 14:41:26
> Re: FN-FORUM: SSL and certificates - Manjit Singh
> [EMAIL REMOVED]
>
> Amazon does not appear to use CAs, no deterring messages there. What's
> the score here?
>

Amazon's certificate *is* signed by Verisign - for some reason clicking
IE's padlock doesn't give you this data - NS7 does.

Are you clear on what a certificate does? What it isn't is a seal of
approval for a business!

Basically SSL uses public key encryption to ensure no-one can eavesdrop
on (or change) data going between server and browser. One way to thwart
this would be to have a "man-in-the-middle" device (like a proxy server)
that does the following:
- user accesses https://www.barclays.com
- the proxy takes the request, reads the page from the real
www.barclays.com and serves it up - decrypting and re-encrypting the data
as it passes through.
- thus the user thinks they have a secure connection
- but the operator of the proxy can read anything!

To prevent this, SSL signs part of the transaction using the server
certificate. This allows the browser to validate that www.barclays.com
is the real McCoy. If this fails, you get the "scary message"!

So any browser has no way of knowing the difference between a
"self-signed" cert and a random cert from a "man-in-the-middle". Hence
they are only really a test tool.

For a CA to operate, it needs to have a reference to its root
certificate in MS browser (really OS) code (and Netscape, Opera, etc.).
Only a few firms have this exalted status - hence their fairly high
prices.

The alternative to having your own SSL site for card transactions is a
third party site (like Paypal or whatever). Here the shop will transfer
to the payment site - the user then transacts with the payment site,
which notifies the shop that they have paid. Typically you as a shop
don't get to see how - you just get the money less a service charge.

Hope this helps,
Richard
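
The browser-side check described in the message above, as an added example that is not part of the original post: a simplified Python model (textbook RSA over fixed Mersenne primes, no padding, not real X.509 or TLS) of how a built-in root decides which certificates are accepted. The names `Example Root CA`, `www.shop.example`, `proxy.example` and all function names are constructed for illustration.

```python
import hashlib

E = 65537  # public exponent used by every key in this model

def make_key(p, q):
    # Textbook RSA from two known primes: a model only (no padding, small keys).
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def digest(subject, subject_n, modulus):
    data = f"{subject}|{subject_n}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % modulus

def issue(issuer, issuer_key, subject, subject_n):
    # The issuer signs the binding "this host name owns this public key".
    m = digest(subject, subject_n, issuer_key["n"])
    return {"subject": subject, "n": subject_n, "issuer": issuer,
            "sig": pow(m, issuer_key["d"], issuer_key["n"])}

def validate(cert, hostname, trust_store):
    # Browser side: issuer must be a built-in root, signature must verify,
    # and the certified name must be the host the user asked for.
    root_n = trust_store.get(cert["issuer"])
    if root_n is None:
        return "untrusted issuer"
    if pow(cert["sig"], E, root_n) != digest(cert["subject"], cert["n"], root_n):
        return "bad signature"
    if cert["subject"] != hostname:
        return "name mismatch"
    return "ok"

def scenarios():
    M = lambda k: 2**k - 1  # Mersenne primes, so no key generation is needed
    ca, site, proxy = make_key(M(521), M(607)), make_key(M(127), M(89)), make_key(M(107), M(61))
    trust = {"Example Root CA": ca["n"]}  # what ships inside the browser/OS
    host = "www.shop.example"             # constructed host name
    return {
        "ca_signed": validate(issue("Example Root CA", ca, host, site["n"]), host, trust),
        "self_signed_test_site": validate(issue(host, site, host, site["n"]), host, trust),
        "self_signed_by_proxy": validate(issue(host, proxy, host, proxy["n"]), host, trust),
        "proxy_forges_issuer": validate(issue("Example Root CA", proxy, host, proxy["n"]), host, trust),
        "proxy_reuses_own_ca_cert": validate(
            issue("Example Root CA", ca, "proxy.example", proxy["n"]), host, trust),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:26} {result}")
```

The two self-signed cases return the same result, which is why the browser shows the same warning for a test certificate and for an interposed proxy.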


