Suppose that you use the SSL protocol and connect to a merchant site, M. The site sends you M’s certificate. When the SSL protocol completes, howcan you be sure that the newsession key can be known only to M (perhaps an intruder has sent you a copy of M’s certificate)? Can you be sure that you are connected to M?
What will be an ideal response?
Only M can decrypt the session key you have created since you encrypted it with M’s public key obtained from a valid certificate. Although you cannot be sure that you are connected to M, you can find out by sending a message encrypted with the new session key. If the reply to that message implies that the site decrypted your message, the site must be M.
Computer Science & Information Technology
You might also like to view...
Data in a multidimensional database is organized in a ________ format
A) cube B) linear C) cellular D) modular
Computer Science & Information Technology
A(n) ____________________ section defines an introduction to a document or section.
Fill in the blank(s) with the appropriate word(s).
Computer Science & Information Technology