Chain of Trust
The chain of trust starts when you get your WWW browser.
You don't get it from just anywhere on the Internet.
You trust your browser to the extent that it is what it claims to be:
a product from the company it is labeled with.
The most popular browsers come with a list of the sites of certificate signers,
along with their certificates. This enables you to cross-check
the site you are connecting to.
After confirming the authenticity of our site with our signer, you can be sure
that you are connected to the site you think you are.
In other words:
- You connect to our server,
- our server tells your browser the certificate authority
(certificate signer) that certifies us,
- your browser looks up its list of authorities and
- cross-checks the certification from our site with the one
from the authority.
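The cross-check in the list above, as a toy Python model added here (it is not code from the original page). Textbook RSA over fixed Mersenne primes stands in for real certificate signatures, and the names shop.example, Example Trusted CA and Rogue CA are constructed for illustration.

```python
import hashlib

E = 65537  # public exponent shared by every toy key

def make_key(p, q):
    """Textbook RSA key from two primes: illustration only, not secure."""
    n = p * q
    return n, pow(E, -1, (p - 1) * (q - 1))  # (public modulus, private exponent)

def _digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def issue(subject, issuer, issuer_key):
    """The authority signs the statement 'issuer certifies subject'."""
    n, d = issuer_key
    body = f"{subject}|{issuer}".encode()
    return {"subject": subject, "issuer": issuer, "sig": pow(_digest(body, n), d, n)}

def browser_check(hostname, cert, trusted):
    """Look up the named authority in the browser's list, then cross-check."""
    n = trusted.get(cert["issuer"])
    if n is None:
        return "unknown authority"
    body = f"{cert['subject']}|{cert['issuer']}".encode()
    if pow(cert["sig"], E, n) != _digest(body, n):
        return "bad signature"
    if cert["subject"] != hostname:
        return "wrong site"
    return "ok"

# Constructed keys and names (assumptions of this example).
TRUSTED_CA = make_key(2**61 - 1, 2**89 - 1)
ROGUE_CA = make_key(2**107 - 1, 2**127 - 1)
BROWSER_LIST = {"Example Trusted CA": TRUSTED_CA[0]}  # name -> public modulus

def demo():
    good = issue("shop.example", "Example Trusted CA", TRUSTED_CA)
    # Names the trusted authority but was signed with a different key.
    forged = issue("shop.example", "Example Trusted CA", ROGUE_CA)
    # Names an authority that is not in the browser's list.
    unlisted = issue("shop.example", "Rogue CA", ROGUE_CA)
    # Genuine certificate, but issued for another site.
    other = issue("other.example", "Example Trusted CA", TRUSTED_CA)
    return [browser_check("shop.example", c, BROWSER_LIST)
            for c in (good, forged, unlisted, other)]

if __name__ == "__main__":
    print(demo())
```

Only the first certificate passes; each of the other three fails at a different step of the check.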
Your browser may also have some information about security.
- IE 5.*
  - On the menu bar, select Help, then About Internet Explorer.
- NS Communicator 4.*
  - On the menu bar, select Communicator, then Tools, then
    Security Info.
Protecting the Connection
The SSL protocol includes the encryption of the connection. This includes
a digital signature.
This way, eavesdropping is not possible. Together with the
site certification, the "Man In The Middle" attack is infeasible.
However, this also depends on the length of the encryption key
negotiated with your browser. A "40 bit key" is considered a medium
security level.
Your browser provides information on those issues.