Does SSL provide any type of security other than simply encrypting the content of the HTTP request for web applications?
+5
A:
SSL does 2 things:
- verifies that the site is who they say they are (to prevent man in the middle attacks)
- encrypts the traffic between the client and the server
cobbal
2009-10-12 17:01:28
SSL provides 1) confidentiality, 2) authentication (usually; there are anonymous cipher suites), and 3) *integrity.* It does not provide non-repudiation, authorization, or availability. I stress the integrity, because it is important to know that *none* of the traffic is alterable in any way by an attacker.
erickson
2009-10-12 17:11:51
A:
An addition to @cobbal, only organization-validated certificates validate who you really are. Almost 90% of the certificates in the market are domain-validated and they don't validate anything (that's why they are much cheaper).
Danny Maya
2009-10-13 10:49:54
No, to give an example:Geotrust QuickSSL Premium is domain-validated and while buying it, it only validates that the domain belongs to you.Geotrust TrueBusinessID is organization-validated. It asks you to send several official papers to validate that you're really running an official business. From the eyes of the visitors, they are more respected.
Danny Maya
2009-10-17 07:08:53