Hypertext Transfer Protocol (HTTP)
Find us on the Internet! I was looking on the Internet, and I cant access the Internet!
These phrases all have one thing in common, apart from being heard many times every day. They are all technically wrong. 99% of the time people use the phrase the Internet, they actually mean the World Wide Web or WWW for short.
The web is comprised of millions of servers on the Internet, running web server applications that send (serve up) HTML218 (pages to client machines that access them via web browsers. There is a lot of technology at work to make this happen!
At the server end, HTTP219 web server software (such as Apache or Microsoft IIS) waits to receive requests from HTTP clients (such as Netscape or Internet Explorer). When a request for data is received, the HTTP server sends back the data the client requested in HTML format. Depending on the type of data requested, the server may be required to do some processing before sending the data back. You have no doubt seen HTML pages with .php, .asp or similar extensions. These are simply text files with source code inside that instructs the HTTP server to perform certain operations. This works in a similar manner to any conventional programming language such as BASIC or C++, except that in this case the server performs the work and sends the result to the client, instead of all the work being done on the client.
At the client end, an HTTP client (such as Netscape, Internet Explorer or Mozilla) sends requests to HTTP servers and waits to receive the replies. These replies come back in the form of HTML pages, which contain special codes that an HTTP client can understand. The client uses these codes to control the formatting and content of the page displayed to the user, such as embedding images into text.
While the standard (non-secure) version of HTTP uses port 80, there are also two secure versions available, known as S-HTTP (Secure-HTTP) and SSL (Secure Sockets Layer). S-HTTP is rarely used, and its close relative SSL is far more prevalent.
SSL (also known as HTTPS, after the URL prefix it uses) is a mechanism by which communication on the web can be secured. By using PKI220 technology, it is possible to secure the communication between web server and client so that confidential information can be exchanged. This is most often used in online commerce, where websites accept payments via credit card. Sending your credit card details over the public Internet in unencrypted form is plainly a bad idea, so SSL has been exceptionally important to online retailers and others who require secure communications.
SSL works by using digital certificates to create a chain of trust. There are a number of certificate authorities around the world, who are trusted to be responsible organizations. The most well known company of this type is Verisign. Verisign stake their reputation on being responsible, so much so that we rely on them being trustworthy enough to secure our credit card details when we make online purchases. To confirm we rely on them, we install a certificate to our client machines (actually, Microsoft includes the Verisign certificate by default). This certificate, called the root certificate, says to our web browser, I trust Verisign to keep my details safe, and here are the encryption details to do so.
When an online retailer wishes to use SSL to secure purchases over the web they request a certificate from one of these responsible organizations, such as Verisign. Verisign then go through a lengthy process of verifying the retailer really is who they say they are, and that they in turn are trustworthy. If they pass Verisign checking procedures, they are issued with a certificate that they install on their web server.
When you browse to this retailers website and get ready to make a payment, your web browser is told to make an SSL connection to the server. In doing so, your browser retrieves the details of the certificate the retailer installed previously. It checks the certificate to see who issued it in this case, Verisign. Because the Verisign root certificate is already installed on our machine, our browser sees that we trust Verisign to be responsible and therefore it is safe to create a secure connection to the server. If the certificate retrieved from the retailer does not match a root certificate already installed on our local machine, a warning is displayed221.
Note that having a certificate from a recognized certificate authority does not mean the retailer will not steal your money! It is simply one measure of trust, and you should always use common sense and caution when giving out personal details online.
HTTP uses TCP port 80 to communicate; SSL (HTTPS) uses TCP port 443.
218. Hyper Text Markup Language
219. Hyper Text Transfer Protocol
220. PKI stands for Public Key Infrastructure, and is a method of exchanging encrypted data securely so that an unauthorized 3rd party cannot decrypt it. PKI is extremely complex and outside the scope of this chapter.
221. The specifics of how an SSL session is created using shared keys and public/private encryption is outside the scope of the A+ exam.
Home - Table Of Contents - Contact Us
CertiGuide to A+ (A+ 4 Real) (http://www.CertiGuide.com/apfr/) on CertiGuide.com
Version 1.0 - Version Date: March 29, 2005
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2005 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.