2/25/06

SSL

Wow, what a lecture we had in MCSE425 (ISA Server 2003) Thursday evening. We were talking about how ISA server deals with filtering encrypted traffic. My instructor started off by saying, "Does everyone know how SSL works?" Everyone nodded... It's basic, it encrypts the data-payload of a standard HTTP packet, and authenticates communication. Easy, right?

Well one student said: "Could you clear it up a bit?" Well, most of the class was thinking... "Gee, this is gonna be a quick lecture on how SSL works, and then we'll be done." Well, that was before we figured out that we didn't have a clue how SSL really worked.

We knew that it had to do with certificates, but we thought it had to do specifically with Public Key Infrastructures... Well, it seems it doesn't (although, Wikipedia says it has more to do with PKI than my instructor said... hmm). From what I got from the lecture, SSL connections (HTTPS in particular) work like this:

Client: I want to go to https://www.secure.com/, so I'm gonna need a certificate... HELP!
Certificate Server: the certificate for https://www.secure.com is {cert101}
Client: Okay! Thanks, Certificate Server!
Client: I want to go to https://www.secure.com, I've got this certificate that says to encrypt my communications in such-a-way... So ENCRYPTION ENABLED! Request secure communication with server, key (randomnumbers910832here)
SecureServer: 'Aight! Communication with (randomnumbers910832here) accepted. So... do you have a certificate for this communication?
Client: Yup! Here it is: {cert101}
SecureServer: 'Aight! That's the cert. Wadda need kid?
Client: I wanna go here, do this, upload this, download that, and spend mucho monies on your site.
SecureServer: Okay!
Client: Alright, I think I've run out of money... I'm gonna go away now and watch my credit debt pile up. Laterz!
SecureServer: Mwahahahaha.... *ahem* I mean, okay. Closing connection.

The problem was really the start of communication... It's still a little foggy to me... The client gets the cert from the cert server... Okay, great. But anyone could do that!

Two, when the client goes "I want to go to https://www.secure.com, and I'll encrypt my communication in such-a-way" -- in what way does it encrypt the traffic? And how does the SecureServer know how to decrypt the traffic? I think the traffic is encrypted using the randomnumbers key, but then how would the server be able to decrypt it? Oiii, this still isn't clear enough for me, but since my instructor was turning a dozen shades of red with frustration, I decided not to ask him about it anymore... I think I got the gist of it anyway.

Relevant Links:
TCP/IP Guide: HTTP Security and Privacy,
Wikipedia: Secure Sockets Layer,
Wikipedia: HTTPS
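
On the two open questions above (how the traffic gets encrypted and how the server can decrypt it): in the RSA key exchange of classic SSL/TLS, the server sends its own certificate, the client encrypts a random secret under the public key in it, and only the server's private key can recover that secret. The sketch below is an added example, not part of the original post or the lecture. It assumes textbook RSA with fixed primes, a simplified key derivation and an XOR keystream in place of the real record format, and it skips the client's check of the certificate against a trusted CA; all function names are hypothetical.

```python
import hashlib, hmac, secrets

# Server's long-term RSA key pair (toy assumption: fixed Mersenne primes,
# no padding). Real servers use 2048-bit+ keys generated at random.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, never leaves the server

def server_certificate():
    """Sent by the server itself; it carries only the PUBLIC key (n, e)."""
    return {"subject": "www.secure.com", "n": N, "e": E}

def derive_session_key(pre_master, client_random, server_random):
    """Both sides mix the shared secret with the two public nonces."""
    return hmac.new(pre_master, client_random + server_random, hashlib.sha256).digest()

def keystream_xor(key, data):
    """Toy symmetric cipher: XOR with a SHA-256 counter keystream."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def handshake(request):
    """Run client and server sides in one process and report what each sees."""
    client_random, server_random = secrets.token_bytes(16), secrets.token_bytes(16)
    cert = server_certificate()  # server -> client, readable by anyone
    # Client: pick a random secret and encrypt it under the certificate's key.
    pre_master = secrets.token_bytes(24)
    encrypted_pms = pow(int.from_bytes(pre_master, "big"), cert["e"], cert["n"])
    client_key = derive_session_key(pre_master, client_random, server_random)
    # Server: only the private exponent D can recover the secret.
    recovered = pow(encrypted_pms, D, N).to_bytes(24, "big")
    server_key = derive_session_key(recovered, client_random, server_random)
    # Application data now travels under the shared symmetric key.
    ciphertext = keystream_xor(client_key, request)
    return {"on_wire": (cert, client_random, server_random, encrypted_pms, ciphertext),
            "keys_match": client_key == server_key,
            "server_reads": keystream_xor(server_key, ciphertext)}

if __name__ == "__main__":
    print(handshake(b"GET /checkout HTTP/1.1")["server_reads"])
```

Everything in `on_wire` is visible to an eavesdropper, including the certificate, yet none of it yields the session key without `D`.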

TCP/IP Seminar!
On a side note, I went to that TCP/IP seminar yesterday... It was informative, although the problem was that it was very "bringing old network professionals up to date" with utilities and what-not stuff... Some of the stuff was replay for my class, where other bits were new stuff that was a bit irrelevant to our class... But then again, the seminar was geared toward network professionals that have been in the field, and want a second opinion or to be brought up to speed on some topics. If you take that into account, it was a decent seminar.

I did work a bit with some utilities (Ethereal is so very cool), but my favorite part of the whole thing was watching him PuTTY into Linux boxes and control them and the trip into the server room, where most of the servers are Linux boxes assembled by Penguin Computing! That is so very sweet. I don't recall what distribution he said he was using, I'll have to ask Royce that later. He also mentioned that he's using SmoothWall as his firewall! Totally sweet.
