
4.1.1 Introduction

SSL is a channel security protocol. It provides a secure pipe between two systems which may be used to carry HTTP transactions or any other application data. It is not coupled to particular electronic commerce features or applications. Architecturally, SSL may be compared to versions of SOCKS which perform encryption or to IP security proposals. SSL includes the facilities for establishing, negotiating, and managing the security association between the endpoints (including performing authentication).

SSL operates on longer-term security associations, built around the generation of a master key between two parties, and on short-lived sessions whose per-session keys are derived from that master key. In the assessment below, distinctions will be made between the services applied on a per-association basis and those performed on a per-session basis.
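The derivation of per-session keys from a master key, sketched as an added example that is not part of the original document. The page does not say which SSL version it assesses; the code assumes the SSL 3.0 key block construction of RFC 6101, treats that protocol's "master secret" as the master key, and uses constructed sample values and hypothetical function names.

```python
import hashlib


def ssl3_key_block(master_secret, server_random, client_random, length):
    """SSL 3.0 key block: MD5(master || SHA1(label || master || randoms)),
    repeated with labels 'A', 'BB', 'CCC', ... until enough bytes exist."""
    out = b""
    i = 0
    while len(out) < length:
        label = bytes([ord("A") + i]) * (i + 1)
        inner = hashlib.sha1(
            label + master_secret + server_random + client_random
        ).digest()
        out += hashlib.md5(master_secret + inner).digest()
        i += 1
    return out[:length]


def session_keys(master_secret, server_random, client_random):
    """Split the key block for an RC4-128 / MD5 cipher suite:
    two 16-byte MAC secrets, then two 16-byte cipher keys (no IVs)."""
    block = ssl3_key_block(master_secret, server_random, client_random, 64)
    names = ("client_mac", "server_mac", "client_key", "server_key")
    return {n: block[16 * k:16 * (k + 1)] for k, n in enumerate(names)}


def demo():
    # Constructed values: one long-lived master key, two sessions that
    # differ only in the fresh random values exchanged at session start.
    master = bytes(range(48))
    first = session_keys(master, b"\x01" * 32, b"\x02" * 32)
    second = session_keys(master, b"\x03" * 32, b"\x04" * 32)
    return first, second


if __name__ == "__main__":
    for label, keys in zip(("session 1", "session 2"), demo()):
        print(label)
        for name, value in keys.items():
            print(f"  {name}: {value.hex()}")
```

Both sessions share the master key, yet each direction of each session ends up with its own MAC secret and cipher key, which is why the assessment can treat per-association and per-session services separately.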

Denis Arnaud