SSL in depth
I host Web sites, but we’ve only recently [2004] had to start implementing SSL, the Secure Sockets Layer, which turns http into https. I’ve been on the lookout for a good overview of SSL that explains why it is implemented as it is, and I think I’ve finally found one: Chris Shiflett: HTTP Developer’s Handbook: 18. Secure Sockets Layer is a chapter from Shiflett’s book posted on his web site, and boy it is good.
SSL has dramatically changed the way people use the Web, and it provides a very good solution to many of the Web’s shortcomings, most importantly:
- Data integrity – SSL can help ensure that data (HTTP messages) cannot be changed while in transit.
- Data confidentiality – SSL provides strong cryptographic techniques used to encrypt HTTP messages.
- Identification – SSL can offer reasonable assurance as to the identity of a Web server. It can also be used to validate the identity of a client, but this is less common.
Shiflett is a clear technical writer, and if this chapter is any indication, the rest of his book may be worth buying.