For More Information

Security and cryptography are hugely important and hugely complicated topics. If you’d like to learn more about HTTP security, digital cryptography, digital certificates, and the Public-Key Infrastructure, here are a few starting points.

HTTP Security

Web Security, Privacy & Commerce

Simson Garfinkel, O’Reilly & Associates, Inc. This is one of the best, most readable introductions to web security and the use of SSL/TLS and digital certificates.

http://www.ietf.org/rfc/rfc2818.txt

RFC 2818, “HTTP Over TLS,” specifies how to implement secure HTTP over Transport Layer Security (TLS), the modern successor to SSL.

http://www.ietf.org/rfc/rfc2817.txt

RFC 2817, “Upgrading to TLS Within HTTP/1.1,” explains how to use the Upgrade mechanism in HTTP/1.1 to initiate TLS over an existing TCP connection. This allows unsecured and secured HTTP traffic to share the same well-known port (in this case, http: at 80 rather than https: at 443). It also enables virtual hosting, so a single HTTP+TLS server can disambiguate traffic intended for several hostnames at a single IP address.

SSL and TLS

http://www.ietf.org/rfc/rfc2246.txt

RFC 2246, “The TLS Protocol Version 1.0,” specifies Version 1.0 of the TLS protocol (the successor to SSL). TLS provides communications privacy over the Internet. The protocol allows client/server applications to communicate in a way that is designed to prevent eavesdropping, tampering, and message forgery.

http://developer.netscape.com/docs/manuals/security/sslin/contents.htm ...
