This section provides an overview of SSL technology and its
application.
The SSL protocol works cooperatively on top of several other
protocols; SSL itself works at the application level. The underlying
mechanism is TCP/IP (Transmission Control Protocol/Internet Protocol),
which governs the transport and routing of data over the Internet.
Application protocols, such as HTTP (Hypertext Transfer Protocol), LDAP
(Lightweight Directory Access Protocol), and IMAP (Internet Message
Access Protocol), run on top of TCP/IP. They use TCP/IP to support
typical application tasks, such as displaying web pages or running
email servers.
SSL addresses three fundamental security concerns about communication
over the Internet and other TCP/IP networks:

SSL server authentication -- Allows a user to confirm a server's
identity. SSL-enabled client software can use standard techniques of
public-key cryptography to check whether a server's certificate and
public ID are valid and have been issued by a Certificate Authority (CA)
listed in the client's list of trusted CAs. Server authentication is
used, for example, when a PC user is sending a credit card number to
make a purchase on the web and wants to check the receiving server's
identity.

SSL client authentication -- Allows a server to confirm a user's
identity. Using the same techniques as those used for server
authentication, SSL-enabled server software can check whether a
client's certificate and public ID are valid and have been issued by a
Certificate Authority (CA) listed in the server's list of trusted CAs.
Client authentication is used, for example, when a bank is sending
confidential financial information to a customer and wants to check the
recipient's identity.

An encrypted SSL connection -- Requires all information sent between a
client and a server to be encrypted by the sending software and
decrypted by the receiving software, thereby providing a high degree of
confidentiality. Confidentiality is important for both parties to any
private transaction. In addition, all data sent over an encrypted SSL
connection is protected with an integrity check that automatically
detects whether data has been altered in transit.
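The three guarantees above can be watched in a single handshake. The following Go program is an added example and is not part of the original document. It generates, in memory, a server CA, a client CA and one leaf certificate under each (the names "Demo Server CA", "Demo Client CA" and "alice", the loopback address 127.0.0.1 and the `must` helper are all assumptions of this example), then runs a handshake over a loopback socket with Go's crypto/tls, which speaks TLS, the standardized successor of SSL. `Handshake(true, true)` succeeds and returns the negotiated state; `Handshake(false, true)` leaves the server's issuing CA out of the client's list of trusted CAs, so server authentication fails; `Handshake(true, false)` withholds the client certificate from a server configured to require one, so client authentication fails.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// keypair is a certificate and its private key, generated in memory for this demo.
type keypair struct {
	cert *x509.Certificate
	key  *ecdsa.PrivateKey
}

// must unwraps a (value, error) pair; the calls below only fail if the system
// RNG or loopback networking is broken, so panicking is acceptable in a demo.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// newCert issues a certificate for name: a self-signed CA when parent is nil,
// otherwise a leaf signed by parent, which plays the Certificate Authority.
func newCert(name string, parent *keypair) *keypair {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(time.Hour),
		IsCA:                  parent == nil,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageDigitalSignature,
		IPAddresses:           []net.IP{net.IPv4(127, 0, 0, 1)}, // constructed loopback identity
	}
	signer, signerKey := tmpl, key // self-signed root
	if parent == nil {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	} else {
		signer, signerKey = parent.cert, parent.key // leaf issued by the CA
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signerKey))
	return &keypair{cert: must(x509.ParseCertificate(der)), key: key}
}

// Handshake runs one TLS session over loopback and returns the negotiated state.
// trustServer: is the server's issuing CA in the client's list of trusted CAs?
// presentClient: does the client offer its certificate to a server that requires one?
func Handshake(trustServer, presentClient bool) (tls.ConnectionState, error) {
	serverCA, clientCA := newCert("Demo Server CA", nil), newCert("Demo Client CA", nil)
	server, client := newCert("127.0.0.1", serverCA), newCert("alice", clientCA)
	rootCAs, clientCAs := x509.NewCertPool(), x509.NewCertPool()
	clientCAs.AddCert(clientCA.cert) // the server's list of trusted CAs
	if trustServer {
		rootCAs.AddCert(serverCA.cert) // the client's list of trusted CAs
	}
	serverCfg := &tls.Config{
		Certificates: []tls.Certificate{{Certificate: [][]byte{server.cert.Raw}, PrivateKey: server.key}},
		ClientAuth:   tls.RequireAndVerifyClientCert, // SSL client authentication
		ClientCAs:    clientCAs,
	}
	clientCfg := &tls.Config{RootCAs: rootCAs, ServerName: "127.0.0.1"}
	if presentClient {
		clientCfg.Certificates = []tls.Certificate{{Certificate: [][]byte{client.cert.Raw}, PrivateKey: client.key}}
	}
	ln := must(net.Listen("tcp", "127.0.0.1:0"))
	defer ln.Close()
	go func() { // server side: accept, authenticate the client, send one record
		if raw, err := ln.Accept(); err == nil {
			defer raw.Close()
			srv := tls.Server(raw, serverCfg)
			if srv.Handshake() == nil { // a rejected client learns of it from the alert
				srv.Write([]byte("hello over TLS")) // encrypted and integrity-protected
			}
		}
	}()
	conn, err := tls.Dial("tcp", ln.Addr().String(), clientCfg) // SSL server authentication
	if err != nil {
		return tls.ConnectionState{}, err
	}
	defer conn.Close()
	// A TLS 1.3 client finishes its handshake before the server has judged the
	// client certificate, so read one record to surface a server-side rejection.
	if _, err := conn.Read(make([]byte, 64)); err != nil {
		return tls.ConnectionState{}, err
	}
	return conn.ConnectionState(), nil
}

func main() {
	_, err := Handshake(true, true)
	fmt.Println("mutual TLS over loopback, error:", err)
}
```

The state returned on success carries the negotiated protocol version and cipher suite; that is the encrypted-connection guarantee in practice, since every record after the handshake is encrypted and integrity-checked by the record layer. Note that the client's rejection in the untrusted-CA case happens before any application data is exchanged, and the server's rejection in the missing-certificate case reaches the client as a TLS alert rather than as a silent drop.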