haizhiguang's Column

I have recently been reading material related to SSL and put together some notes.

[Resource 1]

Secure Sockets Layer (SSL) Protocol Overview

Secure Sockets Layer (SSL) is the most widely used protocol for implementing cryptography on the Web. SSL uses a combination of cryptographic processes to provide secure communication over a network. This section provides an introduction to SSL and the cryptographic processes it uses.

SSL provides a secure enhancement to the standard TCP/IP sockets protocol used for Internet communications. As shown in the “TCP/IP Protocol Stack With SSL” figure below, the secure sockets layer is added between the transport layer and the application layer in the standard TCP/IP protocol stack. The application most commonly used with SSL is Hypertext Transfer Protocol (HTTP), the protocol for Internet Web pages. Other applications, such as Net News Transfer Protocol (NNTP), Telnet, Lightweight Directory Access Protocol (LDAP), Interactive Message Access Protocol (IMAP), and File Transfer Protocol (FTP), can be used with SSL as well.

Note: There is currently no standard for secure FTP.

TCP/IP Protocol Stack With SSL

| TCP/IP Layer | Protocol |
|---|---|
| Application Layer | HTTP, NNTP, Telnet, FTP, etc. |
| Secure Sockets Layer | SSL |
| Transport Layer | TCP |
| Internet Layer | IP |


SSL was developed by Netscape in 1994, and with input from the Internet community, has evolved to become a standard. It is now under the control of the international standards organization, the Internet Engineering Task Force (IETF). The IETF has renamed SSL to Transport Layer Security (TLS), and released the first specification, version 1.0, in January 1999. TLS 1.0 is a modest upgrade to the most recent version of SSL, version 3.0. The differences between SSL 3.0 and TLS 1.0 are minor.


Why Use SSL?

Transferring sensitive information over a network can be risky due to the following three issues:

1. You cannot always be sure that the entity with whom you are communicating is really who you think it is.
2. Network data can be intercepted, so it is possible that it can be read by an unauthorized third party, sometimes known as an attacker.
3. If an attacker can intercept the data, the attacker may be able to modify the data before sending it on to the receiver.


SSL addresses each of these issues. It addresses the first issue by optionally allowing each of two communicating parties to ensure the identity of the other party in a process called authentication. Once the parties are authenticated, SSL provides an encrypted connection between the two parties for secure message transmission. Encrypting the communication between the two parties provides privacy and therefore addresses the second issue. The encryption algorithms used with SSL include a secure hash function, which is similar to a checksum. This ensures that data is not modified in transit. The secure hash function addresses the third issue of data integrity.

Note: both authentication and encryption are optional, and depend on the cipher suites negotiated between the two entities.
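The dependence on the negotiated cipher suite is visible in the suite names themselves. The following Python sketch is an added example, not part of the original text: it splits pre-TLS 1.3 IANA suite names into key exchange, cipher and MAC, and flags suites that omit authentication, encryption or integrity. The `OFFERED` list is constructed sample input, and the function names `classify` and `weak_suites` are hypothetical.

```python
import re

# Constructed sample: IANA-registered suite names a server might offer.
OFFERED = [
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_DH_anon_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_NULL_SHA",
    "TLS_NULL_WITH_NULL_NULL",
]

# SSL 3.0 through TLS 1.2 names follow <PROTO>_<KEY-EXCHANGE>_WITH_<CIPHER>_<MAC>.
SUITE_RE = re.compile(r"^(?:TLS|SSL)_(?P<kx>.+?)_WITH_(?P<rest>.+)$")

def classify(name):
    """Report which of the three protections a suite name implies."""
    m = SUITE_RE.match(name)
    if not m:
        raise ValueError(f"not a KX_WITH_CIPHER_MAC suite name: {name}")
    kx = m["kx"]
    # The last token is the MAC (or, for AEAD suites, the PRF hash).
    cipher, _, mac = m["rest"].rpartition("_")
    aead = any(tag in cipher for tag in ("GCM", "CCM", "POLY1305"))
    return {
        "name": name,
        "authentication": not (kx == "NULL" or kx.endswith("_anon")),
        "encryption": cipher != "NULL",
        "integrity": aead or mac != "NULL",
    }

def weak_suites(names):
    """Return (name, missing protections) for suites lacking any of them."""
    findings = []
    for name in names:
        info = classify(name)
        missing = [k for k in ("authentication", "encryption", "integrity") if not info[k]]
        if missing:
            findings.append((name, missing))
    return findings

if __name__ == "__main__":
    for name, missing in weak_suites(OFFERED):
        print(f"{name}: no {', '.join(missing)}")
```

Run against a server's offered suite list, any non-empty result marks a configuration in which a negotiated connection could lack one of the protections described above.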

The most obvious example of when you would use SSL is in an e-commerce transaction. In an e-commerce transaction, it would be foolish to assume that you can guarantee the identity of the server with whom you are communicating. It would be easy enough for someone to create a phony Web site promising great services if only you enter your credit card number. SSL allows you, the client, to authenticate the identity of the server. It also allows the server to authenticate the identity of the client, although in Internet transactions, this is seldom done.
