Find what you need
What are you looking for?
Open Question
Answers (2)
-
The main idea of HTTPS is to create a secure channel over an insecure network. This ensures reasonable protection from eavesdroppers and man-in-the-middle attacks, provided that adequate cipher suites are used and that the server certificate is verified and trusted.
The trust inherent in HTTPS is based on major certificate authorities which come pre-installed in browser software (this is equivalent to saying "I trust certificate authority (e.g. VeriSign/Microsoft/etc.) to tell me who I should trust"). Therefore an HTTPS connection to a website can be trusted if and only if all of the following are true:
- The user trusts the certificate authority to vouch only for legitimate websites without misleading names.
- The website provides a valid certificate (an invalid certificate shows a warning in most browsers), which means it was signed by a trusted authority.
- The certificate correctly identifies the website (e.g. visiting https://example and receiving a certificate for "Example Inc." and not anything else [see above]).
- Either the intervening hops on the internet are trustworthy, or the user trusts the protocol's encryption layer (TLS or SSL) is unbreakable by an eavesdropper.
24 month(s) ago
Comments
-
The "S" in HTTPS indicates a secure site for more details Google your self or visit
http://www.virtu-software.com/ask-doug/QandA.asp?q=7
14 month(s) ago
Comments
Blog
-
Be our guest...be our guest blogger!
Wednesday, June 2nd, 2010, at 6:48 am -
Ask Mike: Why does hair go grey?
Thursday, May 27th, 2010, at 9:58 am
