Eric,

We are not networking/security experts, but in general, you would not establish a session with your router. The router would simply pass the connection from your computer to the bank, where the connection would either be accepted or rejected. If accepted, it would start an SSL handshake back to your computer through the router. Once the handshake is complete (meaning you have told the bank you trust it, and the bank has determined you are who you say you are) then an encrypted SSL session is started.

During this handshake, a process referred to as authentication takes place. SSL commonly uses certificates, so that implies the bank has a copy of your certificate's public key. During the handshake, it sends a challenge, which your SSL client would sign with your certificate private key. Then the bank will decrypt with your public key. If all is well, the bank accepts you as being real, and all traffic between you and the bank is encrypted and secure. So, unless you give someone your certificate's private key, then they cannot decrypt any traffic to/from the bank. Giving someone your private key would almost be like giving someone the keys to your house and telling them you will be out of town for the next year.

There are other methods of authentication, which I suspect most banks use, such as password, passphrase, etc. Whatever authentication is used, that is the "key" to your security. So that key should be protected just like you do your most valuable assets.

Ken

--- Eric Gold <[EMAIL PROTECTED]> wrote:

> Hi, I have a simple SSL question, I am at a
> beginner's level. If I want to do on-line banking
> from my office I am required to go through my
> Linksys router to the bank's website. Is there a
> security hole in my router because I would first
> establish an SSL connection to my router and then a
> second SSL connection would be established from
> router to the bank's website; meanwhile, could my
> sensitive data be subjected to attacks inside
> my router? Does SSL provision for this? Thanks for
> answering this question.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
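
An added example, not part of the original e-mails: the challenge sign-and-check step that the reply describes, run by hand with the openssl command line. The file names, the two key owners (`client`, `other`) and the temporary directory are constructed for the demo; a real handshake signs handshake data rather than a standalone file.

```shell
#!/bin/sh
# Added example: challenge/response with a key pair, using the openssl CLI.
# Every file lives in a constructed temporary directory.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

make_key() {          # $1 = owner name; the .key file never leaves the owner
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$WORK/$1.key" 2>/dev/null
    # The public half is what the verifying side keeps on file.
    openssl pkey -in "$WORK/$1.key" -pubout -out "$WORK/$1.pub"
}

make_challenge() {    # verifier: fresh random bytes for each attempt
    openssl rand -out "$WORK/challenge.bin" 32
}

sign_challenge() {    # $1 = owner name; sign the challenge with the private key
    openssl dgst -sha256 -sign "$WORK/$1.key" \
        -out "$WORK/challenge.sig" "$WORK/challenge.bin"
}

verify_challenge() {  # $1 = owner name; check the signature with the public key
    openssl dgst -sha256 -verify "$WORK/$1.pub" \
        -signature "$WORK/challenge.sig" "$WORK/challenge.bin" >/dev/null 2>&1
}

make_key client
make_key other        # a party that does not hold the client's private key

# Signature made with the client's private key: accepted.
make_challenge
sign_challenge client
verify_challenge client && echo "client key: accepted"

# Same challenge signed with a different private key: rejected.
sign_challenge other
verify_challenge client || echo "other key: rejected"

# An old signature replayed against a new challenge: rejected.
sign_challenge client
make_challenge
verify_challenge client || echo "replayed signature: rejected"
```

Anything relaying these files between the two sides, as the router does with the connection, sees the challenge and the signature but cannot produce a valid signature for a new challenge without the private key.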