computers are called «protocols». Computers use different protocols for different purposes. The protocol used to «exchange» web pages data is HTTP: HyperText Transfer Protocol GET /awesome-cat.png Host: emergencykittens.tumblr.com 200 OK Content-Length: 120321 Content-Type: image/png Kg£™ä€´øîÙƺo{›ùêxãøönÊ"w¤ ¢\9’wyŒ@ÉP úÔÀ|ðó¦–× ¢\9’wyŒ@ 1o:ÓËÉ#÷.‹@ô1ÀàÅtlD 2N`+0;HA®þOÇÝÊ@$#W&Y—ÀOà@˜ ¦²‹ úÔÀ úÔÀ É1¼^„«&óÀÌËÐKÅqƺo{›ùêxãøönÊ"w¤ ¢\9’wy úÔÀ úÔÀ úÔÀÙƺo{›
defend ourself from anyone «eavesdropping» is to «speak in code». Modern cryptography used by computers is asymmetric: the encryption key and the decryption key are two different keys.
The sender knows only the public key and uses it for the encryption Original Data Encrypted Data Decrypted Data (same as original) Asymmetric Cryptography The keys «couple» is generated by the recipient
sends the message has to know the public key of the recipient. When computers communicate via HTTP, the public key of dei server è resa nota tramite un certificato. The cryptographic protol used to encrypt HTTP coomuncation is TSL, that is the successor of SSL, and certicates connecting a domain with a public key, enabling the encrypted communication, are often called «SSL certificates»
understand... When HTTP communications are encrypted, thanks to an SSL certificate, we talk about HTTPS: that basically is a more «secure» variant of HTTP thanks to TSL encryption.
a server which has a SSL certificate even the most «basic») communication change from HTTP to HTTPS. The browser shows a «padlock» next to the address. With HTTPS we are always sure that: The website we are seeing is really the one that the URL in the address bar is showing All sent and received data is encrypted, so can’t be eavesdropped nor can be compromised.
ago SSL certificates were for sale, so only who handled sensible data (passwords, credit cards...) were bound to have them. In 2018 for first time the number of websites using HTTPS exceeded the number of websites using just HTTP. Today a «basic» SSL certicate (DV) can be obtained for free thanks to the not-for-profit authority Let’s Encrypt
is today completely free and easy to obtain every website should have one. Google Chrome, most popular browser in the world, since 2017 shows a «Not secure» warning for websites not using HTTPS.
besides allowing encrypted data exchange guarantees the authenticity of the domain, in fact «DV» stands for «Domain Validation». It is true that a missing certificate means missing security, but presence of a DV certificate does not mean «full» security. Basically, a DV SSL certificate garantees the connection sicurity, but do not guarantee anything about the certificate holder.
certificates that not only guarantee the connection security (no more than a DV certificate), but also guarantee for the owner of the certificate. These are the OV (Organization Validation) and EV (Extended Validation) certificates. Those are not for free (quite expensive, actually), and the procedure for getting them takes time. The browser tell us in case of an EV certificate.