In a very recent post I had requested that someone refer me to a web site
that would provide information about the technology behind so-called secure
web sites.
On Mon, 10 Jan 2000 03:13:02 +0000, Steve - RH Linux User wrote:
> http://www.naic.org/1papers/papers/technical/ENCRYPT1.htm
On Mon, 10 Jan 2000 00:13:03 +0100 (CET), Petri <[EMAIL PROTECTED]>
wrote:
> Here it
> is: <http://developer.netscape.com/tech/security/ssl/protocol.html>

Information I found at both sites was very interesting. Both sites speak
of public and private keys. Here is what I don't understand:

If I should encrypt a message by using a public key, and then transmit the
message to you, then there is nothing secret about it, because the key is
publicly available. On the other hand, if I should encrypt a message
by use of a private key, and if only you and I know what our private key is,
then we can encrypt and decrypt secret messages to each other. A public key
has no security value whatsoever.

The best method of transmitting secret messages would involve only the sender
and the receiver having a copy of a unique randomly generated key. A
somewhat less secure, but fairly good method of transmitting secret messages
would involve the sender and the receiver agreeing to use a secret password,
a pass phrase, or a certain passage from a book to be used as a key for
encryption/decryption. No parties other than sender and receiver would have
knowledge as to whatever string of characters had been agreed upon for use as
a ciphering key.

What I mean to say here is that I cannot think of any method by which sender
and receiver can transmit secret messages to each other over public channels
of communication with any reasonable level of security unless both parties
have previously agreed on an encryption/decryption key.

Sam Heywood
-- This mail was written by user of Arachne, the Alternative WWW Browser
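
Added example, not part of the original post or of either linked page: a toy textbook-RSA exchange in Python showing the public/private key arrangement those pages describe, in which the receiver publishes one key, keeps the other, and a sender uses the published key to deliver a fresh session key over a public channel. The primes, function names and the `demo` flow are constructed for illustration; the small modulus and the absence of padding make it unsuitable for real use.

```python
# Toy textbook RSA (constructed illustration; no padding, small modulus).
import secrets

def make_keypair(p, q, e=65537):
    """Return (public, private): public=(n, e) is published, private=(n, d) is kept."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse of e; computing it needs p and q
    return (n, e), (n, d)

def encrypt(public, m):
    """Operation anyone can perform with the published key."""
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message must be in [0, n)")
    return pow(m, e, n)

def decrypt(private, c):
    """Operation only the holder of the private exponent can perform."""
    n, d = private
    return pow(c, d, n)

def demo():
    # Receiver: builds the pair from two secret primes (here the Mersenne
    # primes 2**31-1 and 2**61-1, chosen only because they are well known)
    # and publishes `public`. `private` never leaves the receiver.
    public, private = make_keypair(2**31 - 1, 2**61 - 1)

    # Sender: has never met the receiver. Picks a fresh random session key
    # and sends it encrypted under the published key.
    session_key = secrets.randbelow(public[0] - 3) + 2
    wire = encrypt(public, session_key)

    # Eavesdropper: sees `public` and `wire`. Applying the public key to the
    # ciphertext is just another encryption; it does not undo the first one.
    eavesdropper_guess = encrypt(public, wire)

    # Receiver: recovers the session key with the private exponent. Both ends
    # now share a secret without having agreed on anything beforehand.
    received = decrypt(private, wire)
    return session_key, wire, received, eavesdropper_guess

if __name__ == "__main__":
    sent, wire, received, guess = demo()
    print("sent == received:", sent == received)
    print("eavesdropper recovered key:", guess == sent)
```
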