TLS stands for “Transport Layer Security” and is the successor of “SSL” (Secure Socket Layer). TLS is one of the standard ways that computers on the Internet transmit information over an encrypted channel. In general, when one computer connects to another computer and uses TLS, the following happens:
- Computer A connects to Computer B (no security)
- Computer B says “Hello” (no security)
- Computer A says “Lets talk securely over TLS” (no security)
- Computer A and B agree on how to do this (secure)
- The rest of the conversation is encrypted (secure)
- The meat of the conversation is encrypted
- Computer A can verify the identity of Computer B (by examining its SSL certificate, which is required for this dialog)
- The conversation cannot be eavesdropped upon (without Computer A knowing)
- The conversation cannot be modified by a third party
- Other information cannot be injected into the conversation by third parties.
TLS (and SSL) is used for many different reasons on the Internet and helps make the Internet a more secure place, when used. One of the popular uses of TLS is with SMTP for transmitting email messages between servers in a secure manner. See also:
- How Does Secure Socket Layer (SSL or TLS) Work?
- The Case for Email Security (Why normal email is insecure)
Read the rest of this post »