Secure Socket Layer (3)

• SSL does NOT assure me that the Merchant is authorized to accept my credit card

• Is the conversation private ?

  • Session key is known only to my browser and the server
  • confidentiality obtained through encryption (privacy; prevents eavesdropping)
  • data integrity obtained through hashing (MD5)
  • server authentication obtained via digital certificates
  • (optional) client authentication via digital certificates
  • my credit card number can be read only by the Merchant Server
  • SSL session involves exchange certificates and keys

Previous slide

Next slide

Back to first slide

View graphic version