Thanks Ulf for the detailed explanation.
(As an aside, make sure you understand the difference between an encoding and an encryption).
Spot on - that should have been encryption/decryption rather than encode/decode. Thank you.
I am still confused about a few points though.
To quote Greg in an earlier post ::
However, SSL does not require authentication and provides the DH anonymous ciphersuites for unauthenticated connections. These ciphersuites are also implemented in the JSSE, and can be identified by the string 'DH_anon' in the SunJSSE provider documentation
Question A ::
So my understanding is - SSL can also be used without an "authenticating" certificate?
This may be rarely used - but if so desired, it can be used without a certificate?
To further quote ::
#2 and #3 - Those are the same (HTTPS always involves a certificate). ...
So Ulf, I believe you are referring to the most used and predominant usage of https (with certificates)?
Question B ::
Who is responsible for the encryption?
(when we use SSL with certificates)
Is the encryption an inherent part of https, or is it the certificate that specifies the encryption/decryption algorithm?
but these days always every certificate uses 128 bit.....
From this statement of yours, I guess it's the certificate that decides the algorithm for encryption/decryption.
Question C ::
So if I create a certificate using keytool, can I guarantee that it uses 128 bit?
And if so, then why should I spend a lot of money to buy a certificate from these companies?
If my certificate is as secure as theirs (agreed, their algorithms will be more complex) - but as Ulf specified, if keytool gives me 128 bit then that's a tough nut to crack, right?
Question D ::
Continuation of question C
So the value addition of a certifying authority is that they are "trusted".
I recently read a KPMG PDF article I downloaded regarding how certifying authorities are now also issuing certificates minus the authentication!
(agreed - end users/customers may not trust a certificate posing as "satish bodas" not signed by Thawte/Verisign etc.)
Question E :: (final question, honest!)
Where can I get a good read/understanding about public/private keys?
Thank you Greg, Pat and Ulf for enhancing my knowledge.
Regards,
~satish
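The DH_anon cipher suites Greg mentioned can be exercised directly in SunJSSE. The following is an added example written for this page, not code posted by satish, Greg, Pat or Ulf: both ends of a TLS connection are set up on localhost with no keystore, no certificate and no trust store, and the handshake still produces an encrypted channel. It assumes a JDK in which the suite name TLS_DH_anon_WITH_AES_128_GCM_SHA256 exists and TLSv1.2 is enabled, and it assumes that the JDK's java.security file lists "anon" under jdk.tls.disabledAlgorithms (the case since the JDK 8 era), which the program removes at startup for demonstration purposes only. The class name AnonDhDemo is invented for the example.

```java
import java.nio.charset.StandardCharsets;
import java.security.Security;
import java.util.Arrays;
import java.util.stream.Collectors;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSocket;

/**
 * Added example (not from the thread): an unauthenticated TLS handshake in SunJSSE
 * using a DH_anon cipher suite. Neither side loads a certificate or keystore, yet
 * the connection is encrypted. The symmetric algorithm (AES-128-GCM here) comes
 * from the negotiated cipher suite, not from any certificate.
 */
public class AnonDhDemo {
    // Assumption: this is the suite name SunJSSE uses for an anonymous DH suite.
    static final String[] ANON_SUITE = { "TLS_DH_anon_WITH_AES_128_GCM_SHA256" };
    // TLS 1.3 defines no anonymous suites, so pin the handshake to TLS 1.2.
    static final String[] PROTOCOL = { "TLSv1.2" };

    public static void main(String[] args) throws Exception {
        // Assumption: "anon" is listed in jdk.tls.disabledAlgorithms by default.
        // Strip it before JSSE initialises so the demo suite is permitted. Do not
        // do this in production: anonymous suites give no protection against an
        // active attacker who sits in the middle of the handshake.
        String disabled = Security.getProperty("jdk.tls.disabledAlgorithms");
        if (disabled != null) {
            String cleaned = Arrays.stream(disabled.split(","))
                .map(String::trim)
                .filter(s -> !s.equalsIgnoreCase("anon"))
                .collect(Collectors.joining(", "));
            Security.setProperty("jdk.tls.disabledAlgorithms", cleaned);
        }

        // KeyManager null: no private key or certificate to present.
        // TrustManager null: nothing to verify, since no certificate is presented.
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, null, null);

        SSLServerSocket server = (SSLServerSocket)
            ctx.getServerSocketFactory().createServerSocket(0); // ephemeral port
        server.setEnabledProtocols(PROTOCOL);
        server.setEnabledCipherSuites(ANON_SUITE);

        Thread serverThread = new Thread(() -> {
            try (SSLSocket s = (SSLSocket) server.accept()) {
                s.startHandshake();
                byte[] buf = new byte[64];
                int n = s.getInputStream().read(buf);
                String reply = "echo: " + new String(buf, 0, n, StandardCharsets.UTF_8);
                s.getOutputStream().write(reply.getBytes(StandardCharsets.UTF_8));
            } catch (Exception e) {
                e.printStackTrace();
            }
        });
        serverThread.start();

        try (SSLSocket client = (SSLSocket)
                ctx.getSocketFactory().createSocket("localhost", server.getLocalPort())) {
            client.setEnabledProtocols(PROTOCOL);
            client.setEnabledCipherSuites(ANON_SUITE);
            client.startHandshake();

            // The negotiated suite names the key exchange and the symmetric cipher.
            System.out.println("cipher suite: " + client.getSession().getCipherSuite());
            try {
                client.getSession().getPeerCertificates();
                System.out.println("unexpected: peer presented a certificate");
            } catch (SSLPeerUnverifiedException e) {
                // Expected for DH_anon: the server's identity was never established.
                System.out.println("no peer certificate: " + e.getMessage());
            }

            client.getOutputStream().write("hello".getBytes(StandardCharsets.UTF_8));
            byte[] buf = new byte[64];
            int n = client.getInputStream().read(buf);
            System.out.println(new String(buf, 0, n, StandardCharsets.UTF_8));
        } finally {
            server.close();
        }
        serverThread.join();
    }
}
```

Run it with `java AnonDhDemo.java` on a JDK that supports single-file launch. The point it makes for Question A and Question B is that the encryption is negotiated by the TLS handshake itself: with DH_anon, a session key is agreed and AES is used without any certificate at all. What the certificate adds in the ordinary HTTPS case is authentication of the server, which is exactly what the SSLPeerUnverifiedException above shows is missing here, and why anonymous suites are disabled by default and should stay that way outside a demo.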