SSL Really Secure?

I have been thinking for a while and I dont seem to understand how the downstream of SSL is secure in HTTPS. If the public-key is the same shared between all users then anyone who knows the public-key can decrypt the contents, anyone who accesses the website is given the public-key.

It seems to me that only the upstream (e.g. a POST of credit card information) is secure since only the private key contained on the server can decrypt the contents, however if say for example amazon.co.uk then post a page back saying something like

1111-2222-3333-444
Is this correct? Click okay to contine..

Then anyone with reasonable knowledge and a few low-level tools can sniff and decrypt the message.

I've noticed a few websites over https where if you make a mistake on the form it won't post back any sensitive information, you have to fill it in again, annoying indeed but it makes me think perhaps there is a good reason behind it rather than lazy coders.

I'm I way off here?

Does the client send it's own public-key to server for downstream encryption?

 

 

 

 

Top