This is a really nice article. By way of a little history, the specification that defines certificates is X.509, and is part of the series that describes the OSI Directory - which ended up simplified as LDAP. A certificate contains, in effect, a bunch of LDAP attributes - and so it literally can contain Bob's photo via the jpegPhoto attribute. That's not likely to happen, though, because a Certification Authority ought to only sign a certificate when it can verify every attribute within it.
One thing you haven't mentioned is revocation and status checking... But maybe I should write something on that.
Which I've done: Licensed Revoked; Certificate Status Checking in PKIX.
I must say that your article has been an excellent read. Not only did you talk about the basics like Diffie-Hellman key exchange, but you also related those basics to the bigger set of things like digital signatures and certificates.
Overwhelmed to see such a simplified explanation of such a complex topic.
Hello. Thanks for the interesting article! I have a question. Is it just a coincidence in this example that the 'numberAliceSent' is the same as 'secretAlice' and that 'numberBobSent' is the same as 'secretBob'?
They may or may not be the same; it's just a coincidence that they are.
I am having a doubt on which encryption type is actually used.
What I understand from the order you have written is that Asymmetric encryption (probably RSA) is used only for Certificates and Symmetric encryption (Diffie-Hellman) for all other communication.
Correct me if I'm wrong.
Certificates are used to prove that the website is whom it says it is. The rest of the communication is encrypted using symmetric key encryption.
Diffie-Hellman is not an encryption algorithm though, it's a key exchange algorithm.
Although the article only mentions Diffie-Hellman, there are other options to exchange a secret key.
An awesome article, but I still don't understand about magic math stuff. 😂
Very interesting post, thanks!
Nice article. It presents everything related to SSL in simple terms at one place. Simplicity is hard to achieve. Kudos!
Great post! Although it did make me chuckle a little bit when you mentioned “trusted” and “Symantec” in the same sentence 😂
Hey, really nice article. Can you explain how the browser verifies the identity of a certificate if it's signed by a non-root CA?
Thank you for the writeup of such a fascinating topic! I think there's a small typo in the Diffie-Hellman paragraph:
*... they sill won't be able to discover what the secret key is.*
Thanks for letting me know
Thanks for such a simple explanation of an important aspect of the web. Learnt a new thing.
Just a heads up, I think "it was also created by however the private key belongs to." should be ", it was also created by whomever the private key belongs to."