A Brief Discussion of TLS Technology
As the Internet grows by leaps and bounds, so does the need to protect valuable data. In fact, data has become the one of the most sought after things of value in the world today and some people will do just about anything to get their hands on it. The easiest ways to steal information is to intercept communications between two parties online. This is why protocols like SSL (secure socket layer) and TLS (transport layer security) have been developed. However, the two are not the same thing and it's important to understand the differences in the 21st Century. Let's explore the subject of TLS a little deeper to give you a better idea of what it is.
Before TLS There Was Secure Socket Layer Technology
Since secure socket layer came first, it makes sense to talk about it first, instead of TLS. When the Internet was just a baby, Netscape was king (as far as Web browsers were concerned). The creators of Netscape had a great deal of vision back then and understood that there was a big need for secure communications between user and server computer. Without this kind of technology, you would not be able to use your credit card to make a purchase online, because it would be too easy to steal your personal information. Secure socket layer was the standard before being replaced by TLS.
One of the most innovative things about the new technology is the encryption keys. For example, when you log on to a website with a username and password, your password (security key) remains constant and so does the manner in which it is interpreted by the web server. You can change the password if you like but are not obligated to, unless there has been a security issue. Plus, encryption keys are different from one session to the next.
Secure But Not Secure
With some forms of security, you try your best to keep something from falling into the hands of an outside source. This is not the case with secure socket layer or TLS technology. Your communications can be intercepted, but they cannot be deciphered without the key and the key is the main component which keeps everything safe and secure.
Your browser contacts the website server and the two get together and decide on an encryption code for the session. It takes a few back and forth communications before everything can be agreed up. In fact, when an agreement is reached it is known as a "handshake". The codes are then discarded after the session is over. This is the basics of TLS and secure socket layer, without going into a lot of complicated details.
The Evolution of TLS
TLS has come about from an evolutionary process. At first there was a 1.0 version of secure socket layer protocol way back in 1994. This did not even make it to the Internet. Next was version 2.0 which was an improvement and was included in the initial version of Netscape Navigator. However, there was really no handshake security and it used the same keys for encryption and authentication, making it vulnerable to a number of attacks.
Secure Socket Layer 3.0 was released around the turn of the 21st Century and represented a major upgrade over 2.0. It added considerable support for authenticating user and server. However, secure socket layer protocol was still not standardized. Major upgrades were on the way and after 3.0 they would be known as transport layer security or TLS.
TLS Version 1.0
The TLS upgrade of secure socket layer technology was originally designed to protect the communications between server and client so they could not be decoded. There were four main goals of TLS:
- Allow for future growth and development
- More secure cryptography
- Easier communications between client and server
- Security efficiency
What Happened to Secure Socket Layer?
Although TLS is not the same mystery as what happened to Neanderthal Man. The results could be similar. For instance, Neanderthal either interbred or became extinct. This could have been a natural or forced extinction. In any manner, the human race goes on. The same is true for secure socket layer technology and the manner in which it has become TLS. In essence, secure socket layer is only a term which is now used to describe TLS.
Why is the term transport layer security or TLS seldom used? It might be because so many people were used to secure socket layer terminology they feel more comfortable using it today and TLS might only serve to confuse. It really doesn't matter though. When you go to a trusted security authority like Comodo, you can find some of the best SSL certificate deals on the Web at https://www.instantssl.com right now.