On question 1d-se003. The answer is stated as a,b,c,d. I wonder if answer c is correct. How does SSL have the ability to hold state? I understand SSL supports the detection of any data that is tampered with in transit between client and server and rejects falsely inserted data. However, I do understand how SSL holds state if its main purpose is to provide secure TCP services to higher-level protocols.
Hi. Before we get into state, an important thing to know about SSL is that it uses Asymmetric Cryptography only to establish the SSL handshake. After that is done, the client and the server communicate using identical symmetric keys. This means that every request the client sends is going to be encrypted with a symmetric key specifically generated by the client and server (using random data and only for that session). Hence state is an important part of the whole equation. The server has to know who the client is in order to apply the right symmetric key. Hence SSL is a stateful protocol. Other points... HTTP is stateless (though it is based on a TCP connection), so it does not matter what server serves the next request from the same client. Hence load balancing and DNS Round Robin etc. work with successive requests from the same client session. HTTPS, on the other hand, is stateful. So the same server serves successive requests from the same client session. HTH.
Sanjay Raghavan
SCJP2, SCEA-J2EE
Moderator - SCEA PREP (http://groups.yahoo.com/group/scea_prep)
Co-Author - SCEA@Whiz (http://www.whizlabs.com/scea/scea.html)
Where did you sip your Java Today?
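
Added example, not part of the original posts: a simplified Python model (not real SSL) of the per-session key state described in the reply above. The `Server` class, `derive_key` and `demo` names are hypothetical, the asymmetric protection of the premaster secret is assumed rather than modelled, and records carry only an HMAC tag, with encryption omitted.

```python
import hashlib
import hmac
import secrets


def derive_key(premaster: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """Both sides mix the same handshake values into one symmetric session key."""
    return hmac.new(premaster, b"session key" + client_random + server_random,
                    hashlib.sha256).digest()


class Server:
    """Hypothetical server holding per-session state: session id -> key."""

    def __init__(self, name: str):
        self.name = name
        self.sessions = {}

    def handshake(self, premaster: bytes, client_random: bytes):
        # Assumption: in real SSL the premaster secret arrives protected by
        # the server's asymmetric key; that step is not modelled here.
        server_random = secrets.token_bytes(32)
        session_id = secrets.token_bytes(16)
        self.sessions[session_id] = derive_key(premaster, client_random, server_random)
        return session_id, server_random

    def receive(self, session_id: bytes, payload: bytes, tag: bytes) -> str:
        key = self.sessions.get(session_id)
        if key is None:
            return "unknown session: full handshake required"
        expected = hmac.new(key, payload, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return "bad record MAC: rejected"
        return "accepted"


def demo() -> dict:
    server_a, server_b = Server("A"), Server("B")
    premaster, client_random = secrets.token_bytes(48), secrets.token_bytes(32)
    session_id, server_random = server_a.handshake(premaster, client_random)
    client_key = derive_key(premaster, client_random, server_random)

    payload = b"GET /account HTTP/1.1"  # constructed sample request
    tag = hmac.new(client_key, payload, hashlib.sha256).digest()
    return {
        "same_server": server_a.receive(session_id, payload, tag),
        "other_server": server_b.receive(session_id, payload, tag),
        "tampered": server_a.receive(session_id, payload + b"X", tag),
    }


if __name__ == "__main__":
    print(demo())
```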