5.4. Authentication Protocols

Secure Sockets Layer (SSL), a protocol developed by Netscape, offers authentication, confidentiality, and non-repudiation for Web servers and end users. SSL is a session layer protocol that runs on top of TCP; it was superseded by the Transport Layer Security (TLS) protocol [3]. TLS is now an IETF RFC and contains minor changes with respect to SSL version 3.0. We refer to TLS in the rest of our discussion, but most of what we say here also applies to SSL.

Figure 5.4 depicts the protocol stack showing an application protocol such as HTTP running on top of TLS. TLS allows the server to authenticate itself to the client by presenting to it a verifiable certificate containing a public key (more ...
