SSL Explained

Cryptography Demystified

Bill Childers


Agenda: Why Encryption?

"Imagine code arriving over the Internet. It presents its credentials and says, 'I can prove I don't eat children for breakfast; I rarely eat children for lunch.' You know: all these things you'd like to know about a program if you're going to invite it into your home."

Whitfield Diffie
Chief Security Officer
Sun Microsystems


Stuff we need to do on the Internet
Remote working
Nasty stuff out there
Identity Theft

Cryptography Objectives




Integrity (Message)

Confidence (ie, trust)

Everyday uses for cryptography

Agenda: SSL

How SSL works

A Special Intermission

What is SSL?

Secure Web Example

Secure Web (continued)

Is it really Wells Fargo when you do your on-line banking, or is it just a web site made to look like it? (phishing)

SSL Handshaking

SSL Summary

PANIC - Where are we?

Agenda - Digital Certificates

Digital Certificates

Anatomy of a Digital Certificate

Also Important (but not shown):

Issued To: Server FQDN

Issued To: Continued

Issued By: Certificate Authority

Issued By: Continued

Public Key


Digital Signature

PANIC - Where are we?

Digital Certificate Summary

Agenda: Practical Issues

Practical Challenges

Faster Encryption

Smaller Signatures

Smaller Signatures - Continued

Verifying a Signature

PANIC - Where are we?

Google Homework

Final Summary

Who do we ultimately trust?

Questions and answers

"When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl." --Kevin McCurley's Thought for the day, June 24, 1997

Where to find me: