Got a YouTube account?

New: enable viewer-created translations and captions on your YouTube channel!

English subtitles

← Trusting A Server Solution - Applied Cryptography

Get Embed Code
1 Language

Showing Revision 2 created 05/25/2016 by Udacity Robot.

  1. The correct answer is the third choice.
  2. What the client needs to do to know that it's talking with the correct server--
  3. it needs to know that it's talking with server S and knows that that's a public key owned by S.
  4. If that's correct, then S owns the corresponding private key
  5. and only that server can decrypt this message and obtain the right session key.
  6. This is the problem the certificate is designed to solve.
  7. Number one would work if we had a way to always know the public key beforehand.
  8. That would be great. We wouldn't need any other solution.
  9. This is not going to work for websites.
  10. This would only work if we could pre-load the public key
  11. of all the websites we might ever communicate with into the browser.
  12. That's not realistic.
  13. We need some other way of getting new public keys for new sites as we visit them.
  14. Verifying the certificate using KUS doesn't make any sense,
  15. because KUS was provided by the server, so if we use the server's public key
  16. to verify the certificate, that would be a self-signed certificate.
  17. It wouldn't prove anything since the signature is being verified
  18. with the key provided by the person claiming the signature.
  19. That's why we need the third solution, which uses some other key
  20. that the client already trusts to verify the certificate and then the information
  21. in the certificate to know that it's the right server and to know the server's public key.