1.2.7 Mutual Authentication
(Also refer to 4.3)
Mutual authentication involves both parties authenticating themselves to each other. Its a two-way transaction. IE, the server authenticates itself to the client and the client authenticates itself to the server. As described in section 1.2.1, Kerberos can be configured to use mutual authentication. Another option is for a client and a server to trust a third party, such as a certificate authority, which can authenticate each party to the other.
Why bother to do this? Shouldnt the client trust their organizations server? MAYBE. But most likely, the answer to, Shouldnt the client trust that arbitrary e-commerce site they reached via a web link? is PROBABLY NOT. The client may want to verify that it is connecting to the real server it requested, rather than an impostor run by a malicious user. If youre connecting to an e-commerce web site, and about to provide your personal information and credit card number, you might want to make sure that the server really is the one you think it is. Malicious users have perpetrated more than one web scam by duping users into entering credit card information into a fake copy, run by the scammer, of a well-known e-commerce site.
Home - Table Of Contents - Contact Us
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.