Definitions Edit

Transport Layer Security (TLS) is

[a]n authentication and security protocol widely implemented in browsers and web servers."[1]
[a] protocol that provides communications privacy over the Internet. The protocol allows client/server applications to communicate in a way that is designed to prevent eavesdropping, tampering, or message forgery. (RFC 2246)[2]

Overview Edit

TLS uses an encrypted channel to obscure message transfers from man-in-the-middle attacks. TLS relies on the Public Key Infrastructure (PKI) system of X.509 public key certificates to carry keying material and provide information about the entity holding the certificate. This is usual generated by a Certificate Authority. The CA ecosystem has in recent years become the subject of attack, and has been successfully compromised more than once. One way to protect against CA compromises is to use the DNS to allow domains to specify the certificates or CAs that the domain intends to use. Such uses of DNS require that the DNS itself be secured with DNSSEC. Correctly configured deployment of TLS may not stop a man-in-the-middle from viewing encrypted traffic, but does practically eliminate the chance of deciphering it.

Transport layer encryption also assures the integrity of data in transit, but senders and receivers who want end-to-end assurance, (i.e. mailbox to mailbox) may wish to implement individual-level authentication and confidentiality protections.

Source Edit

References Edit

  1. NIST Special Publication 800-63.
  2. ISACA, Cybersecurity Fundamentals Glossary 32 (full-text).

Ad blocker interference detected!

Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.