Figure 1-12 An HTTPS request
The Babel of Cryptography 51
To Eve's dismay, all subsequent traffic will be similarly garbled.
The confidentiality problem is solved.
What happened? We really don't want to go into the details
here. However, in extremely simplified terms, here's what happened.
The browser and the Web server exchange information
about their respective capabilities for using this or that encryption
algorithm, and then the Web server sends its certificate. The
browser extracts the public key from the certificate and uses it
to encrypt a symmetric key, which is then sent to the Web
server. The Web server decrypts it and then starts using it for
encrypting all the subsequent traffic in a very efficient way.
This is not 100 percent accurate (refer to Diffie-Hellman for an
exact description), but it should give you an idea of how certificates
make all this possible.
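The exchange just described, as an added Go example that is not from the book: the browser wraps a fresh symmetric key under the RSA public key taken from the certificate, the server unwraps it with its private key, and both sides then protect every record with AES-GCM. Assumptions not in the text: NewServerKey stands in for the certificate's key pair (no CA signature or chain check is modelled), and RSA-OAEP is used for the wrapping.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// NewServerKey stands in for the key pair whose public half the certificate carries (assumed here).
func NewServerKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// ClientWrapSessionKey (browser side): fresh AES-256 key, encrypted under the certificate's RSA public key.
func ClientWrapSessionKey(pub *rsa.PublicKey) (sessionKey, wrapped []byte, err error) {
	sessionKey = make([]byte, 32)
	if _, err = rand.Read(sessionKey); err != nil {
		return nil, nil, err
	}
	wrapped, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, sessionKey, nil)
	return sessionKey, wrapped, err
}

// ServerUnwrapSessionKey (server side): only the matching private key recovers it.
func ServerUnwrapSessionKey(priv *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, nil)
}

// NewSession turns the shared key into the AEAD (AES-GCM) used for all later
// traffic: fast symmetric encryption plus an integrity tag on every record.
func NewSession(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal protects one record; the random nonce is prepended for the receiver.
func Seal(s cipher.AEAD, plaintext []byte) ([]byte, error) {
	nonce := make([]byte, s.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return s.Seal(nonce, nonce, plaintext, nil), nil
}

// Open reverses Seal; a wrong key or any tampering yields an error, never garbage.
func Open(s cipher.AEAD, record []byte) ([]byte, error) {
	if n := s.NonceSize(); len(record) >= n {
		return s.Open(nil, record[:n], record[n:], nil)
	}
	return nil, errors.New("record too short")
}
```

This RSA key-transport form is the one older TLS versions used; current TLS instead derives the session key with ephemeral Diffie-Hellman, so a server private key obtained later cannot unwrap recorded sessions.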
One important consequence of the usage of certificates for websites
is that this constitutes a cryptographically sound method for
declaring the identity of the website itself. If you apply the concepts
introduced in the section "PKI and Certificates" to the
current example, you will obtain a certificate signed by a certain
CA and with a subject field containing the value www.