# HTTPS
---
## Why do we want security anyway?
---
### Privacy
---
### Integrity
---
### Identification
---
## Certificate Authority
---
- CA are third party companies that:
- Issue certificates
- Confirm identities of certificate owners
- Prove validiity of certificates.
- Root store is a database of trusted CAS. Microsoft, apple, and mozilla have their own that they pre-install for their browsers
---
## HTTPS
---
## HTTP (no S)
---
## How is HTTPS different?
It's still the same conversation between a browser and server! But now it's got **T**ransport **L**ayer **S**ecurity...
---
## What is TLS?
TLS = Transport Layer Security
- Encrypts the communication between web applications and servers
- HTTPS is an implementation of TLS encryption (any site using HTTPS is employing TLS encryption)
- TLS helps protect against attacks
---
## Keys
- Symmetric vs asymmetric
- Private and public (asymmetric) keys are used to encrypt the pre-master key meaning nobody will be able to intercept it
- Pre-master key + master key (both symmetric)
---
### How does TLS work?
- Encryption: Hides data from third parties
- Authentication: Ensures parties are who they claim to be
- Data encrypted with the public key can only be decrypted with a private key and vice versa
- Integrity: Is the data free from tampering?
- Data is signed with a Message Authentication Code (MAC) and verifies the integrity of the data
---
### TLS Handshake
- Before exchanging data the browser and server need to agree first on a common set of algorithms to secure the connection
---
---
## Any Questions?
{"metaMigratedAt":"2023-06-15T06:12:36.386Z","metaMigratedFrom":"Content","title":"HTTPS","breaks":true,"contributors":"[{\"id\":\"b0c18fac-267d-47b1-9eaf-ccae71a12c3d\",\"add\":2002,\"del\":1430},{\"id\":\"bd6764bd-ae37-4f90-bb83-98f8266bf1dd\",\"add\":2957,\"del\":846},{\"id\":\"84d28a23-6942-43f3-a6ba-6835bb139040\",\"add\":1521,\"del\":2043},{\"id\":\"11eba2be-5fbb-4639-85ec-7ad40264d41d\",\"add\":514,\"del\":277}]"}