Another useful property of SSL is that, just as it authenticates the
server with a certificate, it can use a certificate to authenticate the
client. Without going into the gory details of the SSL handshake, the
following list summarizes how SSL client authentication works:
Certificates impose a trade-off between security and agility
HTTPS supports the use of certificates as a means of user authentication
The Babel of Cryptography 63
1. The user points the browser to a Web page that requires
SSL client authentication.
The system examines the user's local account for suitable
certificates available on the client machine; depending on
the results and on the settings, the user may be prompted to
choose a specific certificate or to consent to its use.
2. The certificate is sent to the server, along with a signature
made with the private key corresponding to the chosen
certificate over the handshake messages exchanged so far (the
CertificateVerify message). Those messages include fresh random
values from both sides, so the signature proves possession of
the private key and cannot be replayed.
The server verifies a number of things, including validity of
that signature, the trust relationship with the issuing CA,
certificate expiration, the CA's signature on the certificate,
revocation status, and so on. If everything is okay, the Web
server will try to map the certificate to an account on the
network to which the server belongs.
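The exchange described above, as an added example that is not part of the book: a Go program (standard library only) in which a client presents a certificate and signs the handshake transcript, and the server verifies the chain, expiration and key usage before mapping the certificate to an account. The CA, the certificates, the `127.0.0.1` server name, the subject-name account table and the `issue` and `authenticate` helpers are all constructed for the demo; mapping by subject name stands in for whatever mapping the real Web server or directory uses.

```go
// Added example, not code from the book: both sides of an SSL/TLS client-authentication
// handshake in one process, Go standard library only. CA, certificates and accounts are constructed.
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// certPair is a certificate together with its private key.
type certPair struct {
	cert *x509.Certificate
	key  *ecdsa.PrivateKey
}

// issue creates a certificate for cn valid for ttl (a negative ttl gives an already-expired one).
// With parent == nil it is a self-signed CA; otherwise a leaf signed by parent with extended key usage eku.
func issue(cn string, parent *certPair, eku x509.ExtKeyUsage, ttl time.Duration) (*certPair, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 64))
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: serial, Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(ttl),
		KeyUsage: x509.KeyUsageDigitalSignature, BasicConstraintsValid: true,
		IPAddresses: []net.IP{net.IPv4(127, 0, 0, 1)}, // the name the client checks the server against
	}
	signer, signerKey := tmpl, key // self-signed unless a parent is given
	if parent == nil {
		tmpl.IsCA, tmpl.KeyUsage = true, tmpl.KeyUsage|x509.KeyUsageCertSign
	} else {
		signer, signerKey, tmpl.ExtKeyUsage = parent.cert, parent.key, []x509.ExtKeyUsage{eku}
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signerKey)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &certPair{cert: cert, key: key}, nil
}

// authenticate runs one handshake between a client presenting clientCert and a
// server trusting ca, then does the server-side checks and the account mapping
// from the list above. It returns the account name the certificate maps to.
func authenticate(ca, serverCert, clientCert *certPair, accounts map[string]string) (string, error) {
	roots := x509.NewCertPool()
	roots.AddCert(ca.cert)
	clientSide, serverSide := net.Pipe()
	defer func() { clientSide.Close(); serverSide.Close() }()
	// The "browser": sends its certificate and signs the handshake transcript (CertificateVerify) with its key.
	clientErr := make(chan error, 1)
	go func() {
		c := tls.Client(clientSide, &tls.Config{RootCAs: roots, ServerName: "127.0.0.1",
			Certificates: []tls.Certificate{{Certificate: [][]byte{clientCert.cert.Raw}, PrivateKey: clientCert.key}},
			MinVersion:   tls.VersionTLS12})
		clientErr <- c.Handshake()
	}()
	// The server demands a certificate; the handshake itself verifies the transcript signature.
	// The chain checks are done explicitly after the handshake so each one is visible; production
	// code sets ClientAuth: tls.RequireAndVerifyClientCert and ClientCAs: roots instead.
	s := tls.Server(serverSide, &tls.Config{
		Certificates: []tls.Certificate{{Certificate: [][]byte{serverCert.cert.Raw}, PrivateKey: serverCert.key}},
		ClientAuth:   tls.RequireAnyClientCert, MinVersion: tls.VersionTLS12,
		SessionTicketsDisabled: true, // no server write after the handshake on the synchronous pipe
	})
	if err := s.Handshake(); err != nil {
		return "", fmt.Errorf("server handshake: %w", err)
	}
	if err := <-clientErr; err != nil {
		return "", fmt.Errorf("client handshake: %w", err)
	}
	peer := s.ConnectionState().PeerCertificates[0] // non-empty: RequireAnyClientCert
	// Trust in the issuing CA, the CA's signature, the validity period and the
	// client-authentication key usage are all checked by Verify (revocation is not).
	if _, err := peer.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}); err != nil {
		return "", fmt.Errorf("client certificate rejected: %w", err)
	}
	// Last step: map the certificate to an account. Keying on the subject is safe only because the chain to the intended CA was verified first.
	if account, ok := accounts[peer.Subject.CommonName]; ok {
		return account, nil
	}
	return "", fmt.Errorf("no account mapped to %q", peer.Subject.CommonName)
}
```

Calling `authenticate` with a certificate issued by the trusted CA and listed in the account table returns the account; a certificate from another CA, an expired one, or a valid one with no mapping all fail at the server even though the client proved it holds the private key. Note that Go's `x509` verification does not consult CRLs or OCSP, so revocation checking has to be added separately.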