Tuesday, December 30, 2008

Knowing the secret in http vs https

Let's see what the main difference between HTTP and HTTPS is.

HTTP (HyperText Transfer Protocol) sends everything you do in plain text, for anyone on the path to read. That is what most websites run most of the time. Everything goes "in the clear": anyone sitting between your browser and the server (on your Wi-Fi, at your ISP, on any router in between) can eavesdrop on what is sent over HTTP.

HTTPS (HyperText Transfer Protocol over Secure Sockets Layer, today its successor TLS) encrypts everything between your browser and the web server, so nobody else on the path can read what you type or what the server sends back. It protects the connection from eavesdropping and, as long as the browser properly checks the server's certificate, from man-in-the-middle attacks. Note that the protection covers the connection only: once your data arrives, the site itself sees it in plain text.

To see how this works, take Yahoo for instance. You can't just encrypt your data and declare that only Yahoo is able to read it. Both of you, you and Yahoo, need to hold a so-called secret key, so that Yahoo can decrypt what you send and can encrypt the private stuff it sends back for you to read. The problem is how to agree on that key over a network where everyone can listen.

This is accomplished with an encryption scheme known as public key cryptography. Yahoo publishes a public key, so that anyone can encrypt data that only Yahoo can read. It works like a one-way key: you can package something up and send it to Yahoo, and Yahoo unlocks it with its private key, but someone who only has the public key can't see what you encrypted.

So you pick a fresh secret key, package it up with Yahoo's public key and send it over. From then on both of you use that shared key for the actual conversation, and you are all set.

Why all internet communication isn't done like this comes down to what is known as the man-in-the-middle attack, and to what its solution costs.

It is quite simple to pretend to be yahoo.com if you know what you are doing. I sit between you and Yahoo, so all the traffic you think is going to Yahoo comes to me. You ask me for Yahoo's public key and I answer with a fake public/private key pair that I made myself. Then I ask Yahoo for its real public key. Everything you send me I decrypt with my private key, read, re-encrypt with Yahoo's key and forward; everything Yahoo answers I relay back the same way. I just watch for anything interesting, like credit card numbers, and you are none the wiser. The flaw is that a public key on its own carries no proof of who owns it.

We solve this problem with what is called a certificate authority (CA). A CA is someone you pay to vouch for you; VeriSign and GoDaddy are among the biggest. Amazon proves once, to the CA, that its public key belongs to amazon.com, and the CA signs a certificate saying so. Your browser ships with the public keys of the well-known CAs built in, so every time you make an HTTPS connection to Amazon the server hands over its certificate and the browser checks the CA's signature on it, without contacting the CA at all. An impostor can relay Amazon's real certificate, but then he doesn't hold the matching private key and can't read what you encrypt to it; and he can't get the CA to sign a certificate in Amazon's name with his own key. And everything is hunky-dory.

The exceptions: this slows the connection down considerably (the public key math in the handshake is expensive), yahoo.com has to pay the CA for its certificate, and joeschmoe.com has to go through a lot of rigmarole to set all this up. Doing everything exclusively over HTTPS would make the web slower, more expensive and more complicated to run.
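To make the one-way public key, the impostor who swaps in his own key, and the CA signature that catches him concrete, here is an added example in Python. It is not code from the original post; it uses textbook RSA with tiny primes and a SHA-256 keystream as stand-ins for the real algorithms, and the site name, the keys and the sample login request are all made up for the illustration.

```python
import hashlib

# Added example, not from the original post. Textbook RSA with tiny primes
# and a SHA-256 keystream stand in for the real public-key and bulk ciphers;
# they are toys for illustrating the protocol logic, not usable crypto.


def rsa_keygen(p, q, e):
    """Return ((n, e), (n, d)) for the given primes and public exponent."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # modular inverse, Python 3.8+
    return (n, e), (n, d)


def rsa_encrypt(pub, m):
    n, e = pub
    return pow(m, e, n)


def rsa_decrypt(priv, c):
    n, d = priv
    return pow(c, d, n)


def cert_digest(name, pub, n):
    """Hash of (site name, public key), reduced so it is signable mod n."""
    data = f"{name}|{pub[0]}|{pub[1]}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def ca_sign(ca_priv, name, pub):
    """CA vouches that `pub` belongs to `name` by signing the digest."""
    n, d = ca_priv
    return pow(cert_digest(name, pub, n), d, n)


def ca_verify(ca_pub, name, pub, sig):
    """Browser side: check the CA's signature with the CA's built-in public key."""
    n, e = ca_pub
    return pow(sig, e, n) == cert_digest(name, pub, n)


def keystream_xor(session_key, data):
    """Toy symmetric cipher both sides use once they share a session key."""
    out = bytearray()
    for i, b in enumerate(data):
        counter = (i // 32).to_bytes(4, "big")
        block = hashlib.sha256(session_key.to_bytes(4, "big") + counter).digest()
        out.append(b ^ block[i % 32])
    return bytes(out)


def client_handshake(name, presented_pub, presented_sig, ca_pub, session_key):
    """Browser receives a public key (and maybe a certificate signature) for `name`.
    With ca_pub=None it trusts whatever key arrives; otherwise it insists on a
    valid CA signature. On success it returns the session key encrypted to that key."""
    if ca_pub is not None and not ca_verify(ca_pub, name, presented_pub, presented_sig):
        return False, None
    return True, rsa_encrypt(presented_pub, session_key)


# Constructed keys: the real site, the attacker, and the CA (all hypothetical).
SERVER_PUB, SERVER_PRIV = rsa_keygen(61, 53, 17)
MITM_PUB, MITM_PRIV = rsa_keygen(71, 67, 13)
CA_PUB, CA_PRIV = rsa_keygen(101, 113, 3533)
REQUEST = b"POST /login user=alice&card=4111111111111111"   # constructed sample traffic
SESSION_KEY = 1234                                            # must be < every RSA modulus above


def scenario_unauthenticated():
    """No CA: the attacker hands the browser his own key and reads everything."""
    ok, enc_key = client_handshake("yahoo.com", MITM_PUB, None, None, SESSION_KEY)
    ciphertext = keystream_xor(SESSION_KEY, REQUEST)
    stolen_key = rsa_decrypt(MITM_PRIV, enc_key)          # attacker holds the matching private key
    return ok, keystream_xor(stolen_key, ciphertext)


def scenario_forged_cert():
    """With a CA: the attacker signs his own key himself, and the browser rejects it."""
    fake_sig = ca_sign(MITM_PRIV, "yahoo.com", MITM_PUB)   # he has no CA private key
    ok, _ = client_handshake("yahoo.com", MITM_PUB, fake_sig, CA_PUB, SESSION_KEY)
    return ok


def scenario_relayed_cert():
    """With a CA: the attacker relays the genuine certificate, so it verifies,
    but the session key is now encrypted to a private key only the real site has."""
    genuine_sig = ca_sign(CA_PRIV, "yahoo.com", SERVER_PUB)
    ok, enc_key = client_handshake("yahoo.com", SERVER_PUB, genuine_sig, CA_PUB, SESSION_KEY)
    ciphertext = keystream_xor(SESSION_KEY, REQUEST)
    server_view = keystream_xor(rsa_decrypt(SERVER_PRIV, enc_key), ciphertext)
    attacker_view = keystream_xor(rsa_decrypt(MITM_PRIV, enc_key), ciphertext)
    return ok, server_view, attacker_view


if __name__ == "__main__":
    print("no CA, attacker reads:", scenario_unauthenticated()[1])
    print("forged cert accepted:", scenario_forged_cert())
    ok, server_view, attacker_view = scenario_relayed_cert()
    print("relayed cert accepted:", ok, "| server reads:", server_view, "| attacker reads:", attacker_view)
```

Run it and the first scenario shows the attacker reading the login request in full, because the browser encrypted the session key to whatever public key it was handed. The second shows the browser refusing a certificate the attacker signed with his own key instead of the CA's. The third shows that relaying the genuine certificate passes the check but leaves the attacker with a garbled decryption, since the session key is now locked to a private key only the real site holds. That is exactly why the CA signature, and the browser actually checking it, is what turns "encrypted" into "encrypted to the right party".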

My suggestion: for anything sensitive (email logins, banking sessions, anything behind a login), HTTPS is the preferred and proper choice. For unimportant stuff (public forums, simple browsing), HTTPS is not needed. Most pages are served over HTTP because they don't require the security of HTTPS; remember, you have to pay for a certificate, which is expensive, and install it. It also puts load on the server: the server has to run the handshake for each new visitor and then encrypt everything it sends and decrypt everything you send it. So if a website were all HTTPS it would need more powerful hardware to serve the same number of users. One caveat: any page that sets a login cookie counts as sensitive, because a cookie sniffed off an HTTP connection lets the eavesdropper act as you.
