Transport Layer Security

From Computing and Software Wiki

(Difference between revisions)
Jump to: navigation, search
m
m
Line 9: Line 9:
==How It Works==
==How It Works==
-
[[Image:sslsecurity.gif|thumb|500px|right|'''Transport Layer Security'''<br>Explanation.]]
+
[[Image:sslsecurity.gif|thumb|500px|right|'''Transport Layer Security'''<br>If more than one connection is to be made, multiple SSL connections must be opened.]]
TLS is used when the client wishes to open a secure connection to contact the server.  The protocol allows each side to authenticate, so each side can be sure of whom they are communicating with.  Both parties select the encryption algorithm to be used; it must be one that both sides support.  TLS then allows the two sides to establish an encrypted connection.  This is the highest level of security afforded, however many times only the server authenticates, and the client remains unauthenticated.  This is less secure as the server cannot ensure that the client is who they claim to be, but this method is suitable under certain circumstances.
TLS is used when the client wishes to open a secure connection to contact the server.  The protocol allows each side to authenticate, so each side can be sure of whom they are communicating with.  Both parties select the encryption algorithm to be used; it must be one that both sides support.  TLS then allows the two sides to establish an encrypted connection.  This is the highest level of security afforded, however many times only the server authenticates, and the client remains unauthenticated.  This is less secure as the server cannot ensure that the client is who they claim to be, but this method is suitable under certain circumstances.
 +
 +
If a message needs to go through multiple points to reach its destination, a new SSL connection must be opened for each intermediate point. In this model, the original message from the client is not cryptographically protected on each intermediary because it traverses intermediate servers and additional computationally expensive cryptographic operations are performed for every new SSL connection that is established.
 +
Line 23: Line 26:
==References==
==References==
-
 
+
* 1: "Chapter 3: Implementing Transport and Message Layer Security", Microsoft Developer Network, [http://msdn2.microsoft.com/en-us/library/aa480582.aspx http://msdn2.microsoft.com/en-us/library/aa480582.aspx]
==External Links==
==External Links==
 +
* [http://msdn2.microsoft.com/en-us/library/aa480582.aspx Implementing Transport and Message Layer Security]
 +
<br>
<br>
----
----
-
--[[User:Milesj2|Milesj2]] 20:41, 10 April 2008 (EDT)
+
--[[User:Milesj2|Milesj2]] 20:59, 10 April 2008 (EDT)

Revision as of 00:59, 11 April 2008

Transport Layer Security (TLS) is a cryptographic protocol that ensures privacy for communication over the Internet. It is the successor of the Secure Sockets Layer (SSL) protocol, though there are only minor differences that separate the two.


Contents

History

During the mid 1990s, it became obvious that security was necessary for Internet commerce. Many different mechanisms were proposed by different groups. Netscape, Inc. was the group that initially developed the SSL protocol. While this was never formally adopted by the Internet Engineering Task Force (IETF), SSL was the basis of the IETF-designed protocol TLS which was first defined in 1999. In fact, SSL and TLS are so similar that most implementations of SSL support TLS, and both protocols use the same port number.

How It Works

Transport Layer Security
If more than one connection is to be made, multiple SSL connections must be opened.

TLS is used when the client wishes to open a secure connection to contact the server. The protocol allows each side to authenticate, so each side can be sure of whom they are communicating with. Both parties select the encryption algorithm to be used; it must be one that both sides support. TLS then allows the two sides to establish an encrypted connection. This is the highest level of security afforded, however many times only the server authenticates, and the client remains unauthenticated. This is less secure as the server cannot ensure that the client is who they claim to be, but this method is suitable under certain circumstances.

If a message needs to go through multiple points to reach its destination, a new SSL connection must be opened for each intermediate point. In this model, the original message from the client is not cryptographically protected on each intermediary because it traverses intermediate servers and additional computationally expensive cryptographic operations are performed for every new SSL connection that is established.


Security Measures

Applications

See Also

References

External Links




--Milesj2 20:59, 10 April 2008 (EDT)

Personal tools