I think these misgivings come from not accepting what SSL provides and doesn't provide.
In the typical HTTPS use, SSL authenticates the server to the client and allows the server to send data on a communication channel that is acceptable to the client.
This may seem like very limited functionality, but from my perspective it is all that is needed and nothing more.
Both of your pitfalls result from attributing authority to requests sent over the agreed communications channel (the session). I don't think SSL provides for such attribution of authority. The channel is just a channel, not an authorization.
From the server's perspective, it does not care how a request got to it, just that the request is properly addressed. In a Droplets application, http://www.waterken.com/Droplet/, this means that the request has been addressed to an existing object (i.e., that the Swiss number in the URL maps to an object on the server). The server doesn't care if the client used the negotiated channel or not. The server just has to constrain itself to only replying on the negotiated channel.
To map this into your analogy, a bogus message would never get to the ambassador because the clerk found that the message was not addressed to any of the ambassadors in the embassy. If the ambassador does receive a message, she knows that it must have come from someone with the authority to send it.
Tyler Close, Founder Waterken Inc.
tyler@waterken.com
A35E 0621 44AD B616 DE29 F8DF 7B4C E859 71AB 47C5
> -----Original Message-----
> From: owner-e-lang@eros-os.org [mailto:owner-e-lang@eros-os.org] On Behalf Of Norman Hardy
> Sent: Thursday, January 20, 2000 9:01 PM
> To: e-lang@eros-os.org; Ben Laurie
> Cc: frantz@netcom.com; markm@caplet.com
> Subject: Re: Netscape's use of SSL
>
>
> I have been multiprocessing my reply to the last entry on this topic for a
> few weeks. I now have a few notes at
> <http://www.mediacity.com/~norm/SSL/SSL2.html> that I think I did not say
> clearly or coherently before.
> Norman Hardy <http://www.mediacity.com/~norm>
>
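
A minimal sketch of the addressing model described in the reply above, added here as an example and not Waterken's or Droplets' own code. The `Clerk` and `Channel` names, the `/obj/` path prefix and the digest-keyed lookup table are assumptions made for illustration.

```python
import hashlib
import secrets


class Channel:
    """Stand-in for a connection; negotiated=True models an agreed SSL session."""

    def __init__(self, negotiated):
        self.negotiated = negotiated
        self.sent = []  # replies actually written to this channel


class Clerk:
    """Hypothetical front door that routes requests purely by Swiss number."""

    def __init__(self):
        # Keyed by a digest of the Swiss number, so a leaked table
        # does not hand out working capabilities.
        self._objects = {}

    @staticmethod
    def _key(swiss):
        return hashlib.sha256(swiss.encode("utf-8", "replace")).hexdigest()

    def export(self, obj):
        """Register obj and return the unguessable path that designates it."""
        swiss = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._objects[self._key(swiss)] = obj
        return "/obj/" + swiss

    def handle(self, path, arg, channel):
        """Deliver a request to the object it is addressed to, if any."""
        obj = self._objects.get(self._key(path.rsplit("/", 1)[-1]))
        if obj is None:
            return False  # addressed to no object: it never reaches one
        # Authority came from the address; the channel was not consulted.
        result = obj(arg)
        # The channel only constrains where the reply is allowed to go.
        if channel.negotiated:
            channel.sent.append(result)
        return True


if __name__ == "__main__":
    clerk = Clerk()
    path = clerk.export(lambda msg: "ambassador read: " + msg)
    secure = Channel(negotiated=True)
    print(clerk.handle(path, "hello", secure), secure.sent)
    print(clerk.handle("/obj/guessed-value", "hello", secure), secure.sent)
```
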