Understanding How HTTP, HTTPS and WWW Works
Internet was first built by the American defense to communicate. But in the 1960 to 1970 internet is going to be open in public. Internet is the global interconnecting network to exchange information among the computers.
A computer that connects to the internet can access information from a large collection of offered servers and other computers by moving information from them to the computer’s local memory. The globalization of the internet has succeeded faster than anyone could have imagined.
The manner in which social, commercial, political and personal interactions occur is rapidly changing to keep up with the evolution of this global network. Internet plays an increasing role in the success in every step of our life.
Hypertext Transfer Protocol (HTTP) is a protocol for distributed, manual hypermedia information system. In the internet the use of HTTP is a retrieving system of inter-linked resources led to the establishment of the World Wide Web. The development of this protocol was initially coordinated by the WWW Consortium and the Internet Engineering Task Force. HTTP can simply be defined as a request and response standard of a client and a server. Here client is defined as the end user and the server is defined as the web site.
Hypertext Transfer Protocol Secure is a combination of Hypertext Transfer Protocol and network security protocol. HTTP operates at the higher layer of the TCP/IP model. The security protocol operates at the lower sub layer. It encrypts the HTTP message to transmit and decrypts a message when arrival.
The ‘World Wide Web’ or ‘WWW’ means simply as the ‘Web surfing’ or in short ‘the Web’. It is a very large set of interlinked hypertext documents which are accessed through internet. The web pages that contain text, images and videos are navigated using hyperlink.
HTTPS is the industry standard protocol used for securely transmitting data over the internet, in this case web page. It addresses the issues with HTTP but at the same time it operates in exactly the same way, apart from the fact that all data is sent encrypted.
When you visit a website with the https:// prefix you are telling the web server that you want to establish a secure communication path. HTTPS will use a different port (number 443) to ensure that all secure and non secure communications are kept separately. The initial connection establishment sequence goes a little like this:
The client web browser will inspect the certificate that the web server has to ensure its authenticity and make sure that they are who they say they are. Only certain governing bodies are able to issues certificates and these come at a cost to the company who want them.
Once the client has confirmed the certificate is legitimate the browser will check to see what types of encryption the server is offering that it can use.
Upon agreeing on the type of encryption to use the client and server will then exchange unique encryption keys that are used to encrypt the data, only the client and server know about these keys.
Using these keys data transmission begins, before anything is sent it is encrypted and once the other party receives it the data is then decrypted and processed as normal.
This whole process is a lot more complex than regular HTTP communications and because of the extra overhead that is created you might notice a decrease in speed. The same applies to both to the server and client since both have to use extra processing power to encrypt and decrypt any data. With HTTPS though a packet sniffer will only pick up encrypted data which will be useless to a potential attacker
Getting an SSL certificate – An SSL certificate is used for two reasons; firstly it proves the identity of the server who has it. Secondly it is used to encrypt the data itself. These are two totally different considerations that a webmaster should think about before getting a certificate.
If data encryption is the only concern and identity is not such an issue then an SSL certificate can be generated by free software that is widely available on the internet. By doing this the webmaster would offer full data encryption to and from the client but without the proof of identity.
On the other hand companies such as VeriSign and Thawte are very big and reputable companies who offer the same certificates that offer the same level of encryption but for a yearly fee. The difference here is that your site will have proven identity certificate and users can rest assured that your site is legitimate.
You will find that many only retailers will buy these certificates from companies like VeriSign so they can prove who they are and give customers the peace of mind they need before entering things like credit card details on their site.