Netscape MANAGEMENT SYSTEM 6.1 - ADMINISTRATOR Administrator's Manual page 778

Certificates and Authentication
SSL Protocol
The Secure Sockets Layer (SSL) protocol is a set of rules governing server
authentication, client authentication, and encrypted communication between
servers and clients. SSL is widely used on the Internet, especially for interactions
that involve exchanging confidential information such as credit card numbers.
SSL requires a server SSL certificate, at a minimum. As part of the initial
"handshake" process, the server presents its certificate to the client to authenticate
the server's identity. The authentication process uses public-key encryption and
digital signatures to confirm that the server is in fact the server it claims to be. Once
the server has been authenticated, the client and server use techniques of
symmetric-key encryption, which is very fast, to encrypt all the information they
exchange for the remainder of the session and to detect any tampering that may
have occurred.
Servers may optionally be configured to require client authentication as well as
server authentication. In this case, after server authentication is successfully
completed, the client must also present its certificate to the server to authenticate
the client's identity before the encrypted SSL session can be established.
For an overview of client authentication over SSL and how it differs from
password-based authentication, see "Authentication Confirms an Identity," which
begins on page 772. For more detailed information about SSL, see Appendix K,
"Introduction to SSL."
Signed and Encrypted Email
Some email programs (including Messenger, which is part of Communicator)
support digitally signed and encrypted email using a widely accepted protocol
known as Secure Multipurpose Internet Mail Extension (S/MIME). Using S/MIME
to sign or encrypt email messages requires the sender of the message to have an
S/MIME certificate.
An email message that includes a digital signature provides some assurance that it
was in fact sent by the person whose name appears in the message header, thus
providing authentication of the sender. If the digital signature cannot be validated
by the email software on the receiving end, the user will be alerted.
The digital signature is unique to the message it accompanies. If the message
received differs in any way from the message that was sent—even by the addition
or deletion of a comma—the digital signature cannot be validated. Therefore,
signed email also provides some assurance that the email has not been tampered
with. As discussed at the beginning of this document, this kind of assurance is
778 Managing Servers with Netscape Console • December 2001