Professional Documents
Culture Documents
Abstract
A number of decades ago, the Internet was formed. Although it was nothing compared to what it
is today, it created a way for many people to collaborate and share ideas and eventually items
from great distances apart. It opened new worlds and new concepts that could never be
achieved before. However, in the background was a group of people that wanted to do harm to
this infrastructure. With this underground threat, people needed a sense of security to know that
the ideas and concepts were kept from those who might do evil. One of the first widely used and
relatively secure answers to this protection that was sought came in SSL (Secure Socket Layer)
and TLS (Transport Layer Security (which would come later from SSL version 3.0). The history
of these protocols, the implementation and how it works in the internet world, the benefits of SSL
and TLS over other protocols, the known issues, both positive and negative, and the availability
of the this security will be covered in depth in this paper.
In November of 1993 the first popular browser was released. This browser went by the
name of Mosaic and it was created by the National Center for Supercomputing Applications
(Thomas, 2000). Roughly eight months later Netscape communications sought a way to create a
sense of security over that browser by creating SSL version 1.0. Netscape would later create its
own browser with the newer version 2.0 of SSL fully integrated into it, by the name of Netscape
Navigator. Netscape protected this new technology by obtaining a patent on it, but this did not
detour software competitor Microsoft from entering the market. Microsoft, now well known for
its browser Internet Explorer, looked to improve on the SSL technology by making
enhancements to version 2.0, by developing Private Communications Technology (PCT)
TLS is still a rather emerging technology that has much in common with SSL, however
with some improvements and changes to the point that the two are no longer interoperable.
Record Header
Record Data
Record Length
MAC-Data
MAC-Data
Escape-Bit
Actual Data
Actual Data
Padding-Length
Padding-Data
2) Is issuing Certificate
Authority a trusted Certificate Authority?
3) Does issuing Certificate Authoritys public
key validate issuers
digital signature?
References
Blue Coat Systems. (2002). SSL Technology and Applications: How to increase performance
and scalability of secure communications over the web. Retrieved from
http://www.bluecoat.com
Erkomaa, Liisa. (1998). Secure Socket Layer and Transport Layer Security. Helsinki University
of Technology.
Netscape Communications Corporation. (1998). Introduction to SSL. Retrieved from
http://developer.netscape.com/docs/manuals/security/sslin/contents.htm
Netscape Communications Corporation. (1996). The SSL Protocol Version 3.0. Retrieved from
http://wp.netscape.com/eng/ssl3/draft302.txt.
Thomas, Stephen. (2000). SSL and TLS Essentials: Securing the Web. New York, New York:
Wiley Computer Publishing.