I looked at a digital certificate from a site and it says that
Proves your identity to a remote computer
Ensures the identity of a remote computer
How can a server side digital certificate prove my identity to the remote server without me having a digital certificate?
digital certificate Uses
Started by P98, Jan 12 2011 09:25 PM
4 replies to this topic
#1
Posted 12 January 2011 - 09:25 PM
#2
Posted 13 January 2011 - 12:41 AM
It simply means it proves your identity as the session starter, so that no one is able to hijack your session.
#3
Posted 13 January 2011 - 01:17 AM
Quote
Simply means it proves your identity as the session starter
That doesn't make any sense? :(
#4
Posted 13 January 2011 - 01:43 AM
I think it's better to use the term session owner instead of session starter. To understand the importance of encryption, you must remember that on the internet, to convey messages from one computer to another, the messages must go through other computers before reaching the target recipient (these other computers are usually referred to as hops).
Without encryption the hops could easily understand the content of the messages and copy them if they want to. And what I meant by hijackers are the ones who try to impersonate you by copying parts of the messages. In a web session, which usually uses cookies to store the session's information, the hijacker would copy the cookies. Afterward, messages accompanied by the copied cookies from the hijacker would be accepted as if they were from you. Imagine if you had just confirmed a large purchase and a hijacker were able to change the delivery address.
With encryption, a hijacker could not copy the cookies easily anymore unless he/she could break the encryption, which is very unlikely since the encryption was short lived.
Let me add a very simple example.
Imagine that computer A wants to communicate with remote computer B. To reach B, messages from A must hop through computer C, and vice versa, messages from B must go through C before reaching A. Without encryption, C could eavesdrop on the messages and could impersonate A (to talk with B) or B (to talk with A). With encryption C could no longer eavesdrop on the messages, since it could not understand them. Therefore encryption ensures that the conversation only happens between A and B. No middle party could take part.
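Added example, not part of the thread: a small offline model of the A, B and C scenario from the post above, showing why a server that identifies the user only by a session cookie accepts a request from whoever holds that cookie, and why hop C cannot recover it from an encrypted message. The names `Server`, `find_cookie`, `build_request`, `xor` and `run` are hypothetical, and the one-time pad is a constructed stand-in for the channel encryption, not how TLS works internally.

```python
import secrets

class Server:
    """Computer B: identifies the user only by the session cookie."""
    def __init__(self):
        self.sessions = {}                       # session id -> user name

    def login(self, user: str) -> str:
        sid = secrets.token_urlsafe(16)          # unguessable session id
        self.sessions[sid] = user
        return sid

    def handle(self, request: bytes) -> str:
        # Minimal HTTP-like request: headers end at the first blank line.
        head, _, body = request.partition(b"\r\n\r\n")
        user = self.sessions.get(find_cookie(head))
        return f"{body.decode()} accepted for {user}" if user else "rejected"

def find_cookie(data: bytes):
    """Return the sid value of a readable Cookie header, or None."""
    for line in data.split(b"\r\n"):
        if line.lower().startswith(b"cookie: sid="):
            return line.split(b"=", 1)[1].decode()
    return None

def build_request(sid: str, body: str) -> bytes:
    return f"POST /order HTTP/1.1\r\nCookie: sid={sid}\r\n\r\n{body}".encode()

def xor(data: bytes, pad: bytes) -> bytes:
    # Stand-in for channel encryption: a one-time pad known only to A and B.
    return bytes(d ^ p for d, p in zip(data, pad))

def run(encrypted: bool):
    """A sends one request to B through hop C; C then tries to reuse what it saw.

    Returns (B's reply to A, whether C recovered the cookie, B's reply to C).
    All values are constructed sample data; no network traffic is involved.
    """
    server = Server()
    sid = server.login("alice")
    request = build_request(sid, "deliver to 1 Main St")
    pad = secrets.token_bytes(len(request))
    wire = xor(request, pad) if encrypted else request    # bytes hop C observes
    received = xor(wire, pad) if encrypted else wire      # bytes B processes
    genuine = server.handle(received)
    seen = find_cookie(wire)                              # C searches the wire bytes
    forged = (server.handle(build_request(seen, "deliver to 9 Other Rd"))
              if seen else "rejected")
    return genuine, seen == sid, forged

if __name__ == "__main__":
    print("plaintext:", run(encrypted=False))
    print("encrypted:", run(encrypted=True))
```

In the plaintext run B accepts both requests as alice's; in the encrypted run only the genuine one is accepted, because the cookie never appears on the wire in readable form.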
#5
Posted 13 January 2011 - 04:29 AM
P98 said:
I looked at a digital certificate from a site and it says that
Proves your identity to a remote computer
Ensures the identity of a remote computer
How can a server side digital certificate prove my identity to the remote server without me having a digital certificate?
If an imposter has hijacked your connection to the bank (rerouting traffic requests, changes to DNS, etc.), and sends you data that looks like it's from your bank, how would you know? After all, there are only a couple of links between you and your bank you can be certain of. The site certificate can be checked against the issuing authority to see if the certificate, IP address, etc. all match. With a hijacked site, the IP address won't match the DNS name, causing a reject.
It's not perfect, but it does help. It helps prove to you that you are connected to the secure site you think you're connected to.