Transport Layer Security
From Computing and Software Wiki
(added applications, see also, references, external links) |
m |
||
| Line 5: | Line 5: | ||
==History== | ==History== | ||
| - | During the mid 1990s, it became obvious that security was necessary for Internet commerce. Many different mechanisms were proposed by different groups. Netscape, Inc. was the group that initially developed the SSL protocol. While this was never formally adopted by the Internet Engineering Task Force (IETF), SSL was the basis of the IETF-designed protocol TLS which was first defined in 1999.[1] | + | During the mid 1990s, it became obvious that security was necessary for Internet commerce. Many different mechanisms were proposed by different groups. Netscape, Inc. was the group that initially developed the SSL protocol. While this was never formally adopted by the Internet Engineering Task Force (IETF), SSL was the basis of the IETF-designed protocol TLS which was first defined in 1999.[1] In fact, SSL and TLS are so similar that most implementations of SSL support TLS, and both protocols use the same port number. |
==How It Works== | ==How It Works== | ||
| - | [[Image:sslsecurity.gif|thumb|500px|right|'''Transport Layer Security | + | [[Image:sslsecurity.gif|thumb|500px|right|'''Transport Layer Security'''<br>Multiple TLS/SSL connections must be opened if the message passes through several points. [2]]] |
TLS is used when the client wishes to open a secure connection to contact the server. The protocol allows each side to authenticate, so each side can be sure of whom they are communicating with. Both parties select the encryption algorithm to be used; it must be one that both sides support. TLS then allows the two sides to establish an encrypted connection. This is the highest level of security afforded, however many times only the server authenticates, and the client remains unauthenticated. This is less secure as the server cannot ensure that the client is who they claim to be, but this method is suitable under certain circumstances. [1] | TLS is used when the client wishes to open a secure connection to contact the server. The protocol allows each side to authenticate, so each side can be sure of whom they are communicating with. Both parties select the encryption algorithm to be used; it must be one that both sides support. TLS then allows the two sides to establish an encrypted connection. This is the highest level of security afforded, however many times only the server authenticates, and the client remains unauthenticated. This is less secure as the server cannot ensure that the client is who they claim to be, but this method is suitable under certain circumstances. [1] | ||
If a message needs to go through multiple points to reach its destination, a new TLS connection must be opened for each intermediate point, as diagrammed at right. In this model, the message from the client is not protected cryptographically at each server due to the computationally expensive cryptographic operations that are performed for every new TLS connection that is established. [2] | If a message needs to go through multiple points to reach its destination, a new TLS connection must be opened for each intermediate point, as diagrammed at right. In this model, the message from the client is not protected cryptographically at each server due to the computationally expensive cryptographic operations that are performed for every new TLS connection that is established. [2] | ||
| - | |||
==Security Measures== | ==Security Measures== | ||
| Line 32: | Line 31: | ||
* [http://msdn2.microsoft.com/en-us/library/aa480582.aspx Implementing Transport and Message Layer Security] | * [http://msdn2.microsoft.com/en-us/library/aa480582.aspx Implementing Transport and Message Layer Security] | ||
| - | |||
| - | |||
---- | ---- | ||
--[[User:Milesj2|Milesj2]] 02:33, 11 April 2008 (EDT) | --[[User:Milesj2|Milesj2]] 02:33, 11 April 2008 (EDT) | ||
Revision as of 06:38, 11 April 2008
Transport Layer Security (TLS) is a cryptographic protocol that ensures privacy for communication over the Internet. It is the successor of the Secure Sockets Layer (SSL) protocol, though there are only minor differences that separate the two.
Contents |
History
During the mid 1990s, it became obvious that security was necessary for Internet commerce. Many different mechanisms were proposed by different groups. Netscape, Inc. was the group that initially developed the SSL protocol. While this was never formally adopted by the Internet Engineering Task Force (IETF), SSL was the basis of the IETF-designed protocol TLS which was first defined in 1999.[1] In fact, SSL and TLS are so similar that most implementations of SSL support TLS, and both protocols use the same port number.
How It Works
Multiple TLS/SSL connections must be opened if the message passes through several points. [2]
TLS is used when the client wishes to open a secure connection to contact the server. The protocol allows each side to authenticate, so each side can be sure of whom they are communicating with. Both parties select the encryption algorithm to be used; it must be one that both sides support. TLS then allows the two sides to establish an encrypted connection. This is the highest level of security afforded, however many times only the server authenticates, and the client remains unauthenticated. This is less secure as the server cannot ensure that the client is who they claim to be, but this method is suitable under certain circumstances. [1]
If a message needs to go through multiple points to reach its destination, a new TLS connection must be opened for each intermediate point, as diagrammed at right. In this model, the message from the client is not protected cryptographically at each server due to the computationally expensive cryptographic operations that are performed for every new TLS connection that is established. [2]
Security Measures
Applications
TLS is most commonly run with the application protocol HTTP to form HTTPS. It can also be run with any other protocol that needs dependable connections. [3]
See Also
References
- 1: Comer, Douglas E. (2006) "Internetworking with TCP/IP: Principles, Protocols, and Architecture, Fifth Edition" Upper Saddle River: Pearson Prentice Hall. ISBN 0-13-187671-6.
- 2: "Chapter 3: Implementing Transport and Message Layer Security", Microsoft Developer Network, http://msdn2.microsoft.com/en-us/library/aa480582.aspx Retrieved on 2008-04-08.
- 3: "Transport Layer Security", Wikipedia, http://en.wikipedia.org/wiki/Transport_Layer_Security Retrieved on 2008-04-08.
External Links
--Milesj2 02:33, 11 April 2008 (EDT)
