Alice authenticates Bob, not vice versa. Why would server not a
Solution
d) In the general case of web servers such as Google's email server, Facebook, etc., clients are authenticated using user names and passwords rather than certificates. The server doesn't care which system the client is connecting from. Cookies are sufficient to track clients.
Client Authentication of Server:
1. Check the validity date of the certificate received from the server.
2. Check whether the certification authority is trusted.
3. Use the public key from the CA's certificate (found in the list of trusted CAs) to validate the CA's digital signature on the server certificate that is being presented.
4. Compare the domain name on the certificate with the domain name of the server (to prevent a man-in-the-middle attack).
e) In addition to the steps mentioned earlier, the following steps could also be included:
1. Ensure that the certificate presented is not in the Certificate Revocation List provided by the CA.
2. Compare the validity date with the system date to ensure that the certificate has not expired.
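The checks listed in d) and e), as an added Python example that is not part of the original solution. `make_verifying_context` lets the standard `ssl` module do the CA trust, signature and hostname checks (plus CRL checking when a CRL file is supplied), and `field_failures` walks the date, name and revocation checks over a certificate in `getpeercert()` format. The function names, `SAMPLE_CERT`, its serial number and the `example.test` names are constructed for illustration.

```python
import ssl
from datetime import datetime, timezone

def make_verifying_context(crl_path=None):
    """Client context that enforces CA trust, CA signature and hostname checks."""
    ctx = ssl.create_default_context()    # loads the system's list of trusted CAs
    ctx.verify_mode = ssl.CERT_REQUIRED   # chain must end at a trusted CA, signatures valid
    ctx.check_hostname = True             # certificate name must match the server name
    if crl_path:                          # optional: reject certificates on the CA's CRL
        ctx.load_verify_locations(cafile=crl_path)
        ctx.verify_flags |= ssl.VERIFY_CRL_CHECK_LEAF
    return ctx

def name_matches(pattern, host):
    """Exact match, or one left-most '*' label as in '*.example.test'."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False
    return (p[0] == "*" or p[0] == h[0]) and p[1:] == h[1:]

def field_failures(cert, host, now, revoked_serials=()):
    """Return which of the date, name and revocation checks `cert` fails."""
    failures = []
    start = ssl.cert_time_to_seconds(cert["notBefore"])
    end = ssl.cert_time_to_seconds(cert["notAfter"])
    if not start <= now.timestamp() <= end:          # compare with the system date
        failures.append("validity")
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not any(name_matches(n, host) for n in names):
        failures.append("hostname")
    if cert.get("serialNumber") in revoked_serials:  # serials taken from the CA's CRL
        failures.append("revoked")
    return failures

# Constructed sample in the format returned by SSLSocket.getpeercert().
SAMPLE_CERT = {
    "notBefore": "Jan 10 00:00:00 2024 GMT",
    "notAfter": "Jan 10 00:00:00 2025 GMT",
    "serialNumber": "0A1B2C",
    "subjectAltName": (("DNS", "*.example.test"), ("DNS", "example.test")),
}

if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    print(field_failures(SAMPLE_CERT, "mail.example.test", now, {"0A1B2C"}))
```

In a real client, pass the context to `ctx.wrap_socket(sock, server_hostname=host)`; the handshake then fails if any of the library-enforced checks does not pass.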
