All about HTTPS (part-1)

Why do we even need HTTPS protocol?

When you arrived at this post, do you see any green pad lock on your address bar of the browser just in front of dev.to? Let me tell you what is it and why is it there?

This green lock represents that the site is using HTTPS as its protocol and is relatively more secure than when it is not there.

We need HTTPS for mainly three reasons:

1. Privacy
Lets talk about Privacy first. Lets say we have three people Alice, Bob and Candice. Alice is trying to send messages to Bob and the message is not encrypted meaning plain text. If we don't have HTTPS an evil person like Candice who is jealous of their friendship can listen on the communication and also can capture the messages potentially for doing evil things.

Privacy means that no one can eavesdrop on your messages. The green padlock on the URL bar of our browser tells us that there is no one watching over our shoulder.

2. Integrity
Second comes Integrity. Lets suppose when Alice sends another message to Bob unencrypted saying some nice words, but before it reaches Bob Candice intercepts the message and updates it with bad words about Bob and forwards to him, ruining their friendship. This is called man-in-the-middle attack.
image

Integrity means that the message is not manipulated on the way to its destination.

3. Identification
Lets take the same example from above. Identification means that Bob can check that this message is indeed coming from Alice. A digital signature attached to a message can identify the sender. And when you are browsing the web, identification means that the site that you are visiting is indeed the one you think it is.
HTTPS, via SSL certificates, ensures you are connected exactly with the receiver you would expect. This SSL certificate is valid and has been issued by a legitimate Certificate Authority. You are good to go.
image

Now that we know the why, the next step is to understand symmetric and asymmetric encryption.

21