Clueless

SSL - the reality

All the misleading facts that we have come to accept as the norm. The aim is to look at SSL, dissect the misconceptions about what it stands for, and put it into perspective without the marketing hype and misleading claims. This is an interpretation intended for easier understanding by end users.


What is SSL?

SSL is an abbreviation for "Secure Sockets Layer", which actually means exactly what it says: an encrypted tunnel between two points. In a nutshell, it is a secure connection between two points, with the purpose of sending data between them that may be considered "sensitive". That's all it is, nothing more and nothing less.

What does SSL do?

By initiating an encrypted tunnel between two points, it allows you to send data between these two points with an extremely high likelihood that it will not be intercepted by a third party.

How does SSL work?

SSL requires a few things to work, mainly a public and a private key. SSL is commonly used for secure communications and user authentication between clients and servers on the Web, i.e. between browsers and servers. There are many other uses; however, we will only cover usage for so-called eCommerce transactions.

A browser requests a secure connection from a server by using the "https" prefix before the domain name, and the server responds on port 443. The server starts the encrypted tunnel by sending the browser its public key, which is used to encrypt data that is transferred over the SSL connection (to create ) and which includes information identifying the server, so that the browser can complete its end of the encrypted tunnel. Once the browser accepts this information, the tunnel is created and information can be passed between the two points securely. The private key remains on the server and should not be accessible to the outside world.

What is an SSL Certificate?

SSL certificates form the basis for secure communication and for client and server authentication on the Web, i.e. the certificate is an SSL public key (generated by your server) that has been digitally signed to confirm the following information included in it: the identity of the server and the domain name / website.

This can be accomplished in two ways.
Create a key pair that is sent to a key-signing organization, a CA (Certifying Authority), which verifies the identity of the request, signs the key once it has validated the information contained in the key signing request, charges you money, then returns the key for you to use.
The other option is to generate the key and sign it yourself, ensuring that you include information (domain registration information) that is verifiable and relevant to the domain that you are generating the certificate for. The process is actually the same and the very same SSL connection is produced, without having to pay exorbitant amounts of money.
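
The two routes above, carried out with the openssl command line as an added example (not part of the original page). It shows that the signing request and the issued certificate contain only the public half of the key pair, and that a self-signed certificate verifies only when the client has been handed that exact certificate as a trust anchor. Assumptions: shop.example.test, "Demo Test CA", the function names and all file names are constructed, and a locally generated CA stands in for a commercial one.

```sh
#!/bin/sh
# Added example: the two certificate routes, driven through the openssl CLI.
# shop.example.test, "Demo Test CA" and every file name are constructed.

make_certs() {  # $1 = empty working directory
  # Option 2: generate a key pair and sign the certificate yourself.
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=shop.example.test" \
    -keyout "$1/self.key" -out "$1/self.crt" 2>/dev/null || return 1
  # Option 1: generate a key pair plus a signing request (CSR) for a CA.
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=shop.example.test" \
    -keyout "$1/site.key" -out "$1/site.csr" 2>/dev/null || return 1
  # Local stand-in for the CA; a real CA validates the request before signing.
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Demo Test CA" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null || return 1
  openssl x509 -req -in "$1/site.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -days 30 -out "$1/site.crt" 2>/dev/null
}

# Prints "trusted" when certificate $2 verifies against trust anchor $1.
check_trust() {
  if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
  then echo trusted; else echo untrusted; fi
}

# Succeeds when the CSR and the issued certificate carry exactly the public
# half of site.key: the private key never has to leave the server.
same_public_key() {
  pub=$(openssl pkey -in "$1/site.key" -pubout) || return 1
  [ "$pub" = "$(openssl req -in "$1/site.csr" -noout -pubkey)" ] &&
    [ "$pub" = "$(openssl x509 -in "$1/site.crt" -noout -pubkey)" ]
}

demo() {
  dir=$(mktemp -d) || return 1
  make_certs "$dir" || { rm -rf "$dir"; return 1; }
  echo "CA-signed, client trusts the CA:    $(check_trust "$dir/ca.crt" "$dir/site.crt")"
  echo "self-signed, client trusts the CA:  $(check_trust "$dir/ca.crt" "$dir/self.crt")"
  echo "self-signed, client was given cert: $(check_trust "$dir/self.crt" "$dir/self.crt")"
  same_public_key "$dir" && echo "CSR and certificate hold only the public key"
  rm -rf "$dir"
}
demo
```

A browser performs the `check_trust` step with its built-in CA list as the anchor, so the self-signed route encrypts the same way but cannot be verified by a visitor who has not been given the certificate beforehand.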

What is SSL meant to do?

 

What is SSL claimed to do?
The Marketing Sales Hype

 

The need for SSL

 

The misconceptions?

 

The fake claims

© Badproviders - providers of bad internet services and internet abuse