Authentication is one of the basic building blocks of computer security.
It is achieved through the execution of an authentication protocol between
two or more parties. One such protocol, the Secure Socket Layer (SSL)
protocol, has become the de facto standard for Web security. This paper
provides an overview of results and methods used in analyzing
authentication protocols. The aim is to provide a bird's-eye view of the
assumptions, methods, and results that are available for anyone who is
interested in designing new security protocols or applying a new analysis
approach. A detailed description of the SSL handshake protocol, as well as
of how changes in environment assumptions can lead to unexpected
consequences, is provided. A fix to the weakness is also described.