Authentication Confirms An Identity - Netscape MANAGEMENT SYSTEM 6.1 - ADMINISTRATOR Administrator's Manual


Certificates and Authentication

Authentication Confirms an Identity

Authentication is the process of confirming an identity. In the context of network
interactions, authentication involves the confident identification of one party by
another party. Authentication over networks can take many forms. Certificates are
one way of supporting authentication.

Network interactions typically take place between a client, such as browser
software running on a personal computer, and a server, such as the software and
hardware used to host a Web site. Client authentication refers to the confident
identification of a client by a server (that is, identification of the person assumed to
be using the client software). Server authentication refers to the confident
identification of a server by a client (that is, identification of the organization
assumed to be responsible for the server at a particular network address).

Client and server authentication are not the only forms of authentication that
certificates support. For example, the digital signature on an email message,
combined with the certificate that identifies the sender, provides strong evidence
that the person identified by that certificate did indeed send that message.
Similarly, a digital signature on an HTML form, combined with a certificate that
identifies the signer, can provide evidence, after the fact, that the person identified
by that certificate did agree to the contents of the form. In addition to
authentication, the digital signature in both cases ensures a degree of
nonrepudiation—that is, a digital signature makes it difficult for the signer to claim
later not to have sent the email or the form.

Client authentication is an essential element of network security within most
intranets or extranets. The sections that follow contrast two forms of client
authentication:

Password-Based Authentication. Almost all server software permits client
authentication by means of a name and password. For example, a server might
require a user to type a name and password before granting access to the
server. The server maintains a list of names and passwords; if a particular
name is on the list, and if the user types the correct password, the server grants
access.

Certificate-Based Authentication. Client authentication based on certificates is
part of the SSL protocol. The client digitally signs a randomly generated piece
of data and sends both the certificate and the signed data across the network.
The server uses techniques of public-key cryptography to validate the
signature and confirm the validity of the certificate.
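
The two server-side checks in certificate-based authentication, as an added Ruby example that is not part of the manual: a simplified model of the signed-random-data exchange, not the SSL handshake itself. The names `issue`, `authenticate`, `demo`, "alice", "mallory" and "Example CA" are constructed for illustration.

```ruby
require "openssl"

# Constructed test PKI: certificate for `key`, signed by `signer_key`
# (self-signed when no issuer certificate is given).
def issue(cn, key, signer_key, issuer: nil, ca: false)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = rand(1..2**32)
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 3600
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  cert.add_extension(ef.create_extension("basicConstraints", ca ? "CA:TRUE" : "CA:FALSE", true))
  cert.sign(signer_key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Server side: the certificate must chain to a trusted CA, and the signature over
# the random data must verify under the public key inside that certificate.
def authenticate(store, cert, nonce, signature)
  return [nil, "certificate rejected: #{store.error_string}"] unless store.verify(cert)
  unless cert.public_key.verify(OpenSSL::Digest.new("SHA256"), signature, nonce)
    return [nil, "signature does not match certificate key"]
  end
  [cert.subject.to_s, nil]
end

# Three attempts: the real client, someone holding alice's certificate but not her
# private key, and a self-signed certificate the server's CA never issued.
def demo
  ca_key, alice_key, mallory_key = Array.new(3) { OpenSSL::PKey::RSA.new(2048) }
  ca = issue("Example CA", ca_key, ca_key, ca: true)
  alice = issue("alice", alice_key, ca_key, issuer: ca)
  self_signed = issue("alice", mallory_key, mallory_key)
  store = OpenSSL::X509::Store.new
  store.add_cert(ca) # the server's list of trusted CAs
  nonce = OpenSSL::Random.random_bytes(32) # the randomly generated data to sign
  sign = ->(key) { key.sign(OpenSSL::Digest.new("SHA256"), nonce) }
  { honest: authenticate(store, alice, nonce, sign.(alice_key)),
    stolen_cert: authenticate(store, alice, nonce, sign.(mallory_key)),
    untrusted_cert: authenticate(store, self_signed, nonce, sign.(mallory_key)) }
end

demo.each { |attempt, result| puts "#{attempt}: #{result.inspect}" } if $PROGRAM_NAME == __FILE__
```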
Managing Servers with Netscape Console • December 2001