What is SSL?

Recent developments in browser/server technology have made it easy for people to use Web services without worrying about electronic fraud. An example is Secure Sockets Layer (SSL), developed by Netscape. This security protocol has been submitted to the Internet Engineering Task Force (IETF) as an Internet-Draft.

Basically, this protocol allows the browser and server ends of a Web session to authenticate one another and secure information that subsequently flows between them. Through the use of cryptographic techniques such as encryption, this protocol:

• Allows sensitive information (e.g., credit card numbers) to be shared between browser and server, yet remain inaccessible to third parties
• Ensures that data exchanged between browser and server cannot be corrupted -- accidentally or deliberately -- without detection.

A key component in the establishment of secure Web sessions via the SSL protocol is the public key certificate. Without authentic and trustworthy certificates, a protocol like SSL offers no security at all.

Public Key Certificates

The credentials used to authenticate Web servers and their clients via a protocol such as SSL are called X.509 public key certificates. A public key certificate is analogous to a passport, in that it proves your identity and is authorized by a trusted third party known in the security world as a Certification Authority or CA. In the passport analogy, the CA is similar to the Passport Office, which verifies your identification, creates a recognized and trusted document which certifies who you are, and issues the document to you.

For more information about security protocols, public key certificates, and CAs, visit the Entrust Web site.