[UFO Chicago] How SSL Works

Larry Garfield larry@garfieldtech.com
Wed, 12 Feb 2003 13:23:10 -0600

Hey folks.  I am supposed to write a column this week for work in which 
I briefly express the view that the "wireless village" protocol (we 
discussed that a while back, it's a phone-centric IM-and-more setup) 
should be less centralized, but then solve the potential for spam issues 
by mandating SSL usage as part of the spec.  Basic idea being that if 
the big phone carriers (who are pushing WV) were also certificate 
authorities, and they controlled the default set of "approved 
registries" on their phones which users could edit, and all messages 
required SSL from someone, then you essentially eliminate anonymous 
SERVERS, and have authorities (the existing and new SSL CAs) who can 
"de-certify" a spam-sending WV server.  (Basically close most of the 
holes in the email protocol and infrastructure that makes spam so easy.)

Of course, that's based on my understanding of how SSL works, which I do 
not guarantee to be 100% accurate. :-)  Therefore, can someone please 
either provide a brief explaination of how SSL works (Nate, you've setup 
your own before, right?) or point me towards a brief, only 
semi-techincal explaination of how it works?

Many thanks.

Larry Garfield			AIM: LOLG42
larry@garfieldtech.com		ICQ: 6817012

"The world's most dangerous terrorist is at large in the US.  He has his sights set on making the entire American population cower in fear.  He has ordered his people to assassinate American citizens.  Do you know him?  His name is George W. Bush."