
1.2 "Insecure" Communications—Understanding the HTTP Protocol

HTTP, or Hypertext Transfer Protocol, officially described in RFC 2616, is the standard protocol for web communication. Web clients ("browsers") open socket connections to web servers. HTTP uses the well-known port 80.

After the socket has been established, the web browser begins following the rules set forth by the HTTP protocol to request documents. HTTP started out as a fairly simple protocol. Over the years, HTTP has been refined quite a bit and optimized for bandwidth, speed, and security features.
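As an added illustration (not code from the book), the C sketch below turns a URL into the host and port a client connects to and the exact bytes it then writes to the socket. The function name `http_get_request` and the sample URL are hypothetical; the request is plain text, readable by anything on the network path.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example. Parse "http://host[:port][/path]" (no userinfo, no IPv6
 * literal), fill in host and port for connect(), and format the cleartext
 * request to send. Returns the request length, or -1 on bad input. */
int http_get_request(const char *url, char *host, size_t hostlen, int *port,
                     char *req, size_t reqlen)
{
    const char *p, *slash, *colon;
    size_t n;
    int len;

    if (strncmp(url, "http://", 7) != 0) return -1;
    for (p = url; *p; p++)   /* spaces or CR/LF would corrupt the request */
        if (!isgraph((unsigned char)*p)) return -1;
    p = url + 7;
    slash = strchr(p, '/');
    if (slash == NULL) slash = p + strlen(p);
    colon = memchr(p, ':', (size_t)(slash - p));
    n = (size_t)((colon ? colon : slash) - p);
    if (n == 0 || n >= hostlen) return -1;
    memcpy(host, p, n);
    host[n] = '\0';
    *port = 80;              /* default HTTP port */
    if (colon != NULL) {
        char *end;
        long v = strtol(colon + 1, &end, 10);
        if (!isdigit((unsigned char)colon[1]) || end != slash || v < 1 || v > 65535)
            return -1;
        *port = (int)v;
    }
    len = snprintf(req, reqlen, "GET %s HTTP/1.1\r\nHost: %s:%d\r\n"
                   "Connection: close\r\n\r\n", *slash ? slash : "/", host, *port);
    return (len < 0 || (size_t)len >= reqlen) ? -1 : len;
}

int main(void)
{
    char host[256], req[2048];
    int port;
    /* constructed sample URL */
    if (http_get_request("http://www.example.com/index.html", host, sizeof host,
                         &port, req, sizeof req) > 0)
        printf("connect to %s:%d and send:\n%s", host, port, req);
    return 0;
}
```

Rejecting non-printable bytes before formatting keeps a URL containing CR/LF from adding extra header lines to the request.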

HTTP was also the primary motivator for SSL. Originally, SSL didn’t stand on its own; it was designed as an add-on to HTTP, called HTTPS. Although SSL was subsequently decoupled from HTTP, some of its features were optimized for HTTP, leaving it to be a bit of a square peg in a round hole in some other contexts.

Because HTTP and SSL go so well together, in this book I motivate SSL by developing an HTTP client and adding security features to it incrementally, finally arriving at a working HTTP/SSL implementation.