In other words, the messages cannot be read or modified by malicious third-parties, but what if we established communication with a malicious actor in the first place? Such a situation can arise during a man-in-the-middle attack, where the low-level network communication is hijacked by a malicious actor who pretends to be the desired recipient of the communication.
But how can we be sure that the entity on the other side of the communication channel, with which we initiated the communication, is what it claims to be? Once we established an encrypted communication we can be sure that the data we send and receive cannot be read or tampered with by third parties. While public key cryptography allows us to communicate securely through an insecure network, it leaves the problem of identity untouched. In the context of public key cryptography, certificates are a way to prove the identity of the owner of a public key.
0 kommentar(er)
