Re: file transfer security WAS RE: file sharing

Subject: Re: file transfer security WAS RE: file sharing
From: Lou Quillio <public -at- quillio -dot- com>
To: TECHWR-L <techwr-l -at- lists -dot- techwr-l -dot- com>
Date: Fri, 23 Jun 2006 15:08:31 -0400

Spreadbury, David wrote:
> In the lower-right area of the status bar the padlock will indicated a
> locked condition.
>
> In the lower-left area of the status bar, the URL will denote
> https://...

What Dave said. Of course, your browser's location bar will show
the HTTPS pseudo-protocol too, in the URL. I say pseudo-protocol
because HTTPS means HTTP over SSL (secure sockets layer). It's a
network protocol with an authentication/encryption layer beneath it,
and is probably best termed a convention.

Let's be thorough. Remember that the subjects of encryption and
authentication are related and often discussed together, but aren't
exactly the same thing. HTTPS doesn't necessarily mean that both
are properly in place.

To get a better idea of what that "HTTPS" in your browser is telling
you, try mousing-over or double-clicking the padlock icon Dave
mentions. In most browsers you'll get an indication of the URL's
authenticated status and the type of encryption in use. In Firefox
the feedback is detailed (can't say about IE right now, cuz I'm
running it under WINE on my Linux box, and it behaves differently
that way).

Here's the Firefox Security Info dialog for my credit union (great
folks!):

http://revectored.com/postedElsewhere/TECHWR-L/FF_SecurityInfo_CapComFCU.png

Very tight 256-bit AES encryption, and certificate-based assurance
that I am in fact connected to Capital Communications FCU. What
about that certificate, though?

http://revectored.com/postedElsewhere/TECHWR-L/FF_CertificateInfo_CapComFCU.png

Verisign. Big player, lots to lose if they screw up, so I'm good
with that (*never* register domains nor host with Verisign, though,
unless you dislike money).

What can I do with this certificate information? I can telephone
CapComFCU and ask them for the SHA1 fingerprint of their SSL
certificate, which they'll read to me. As long as it matches, we're
good to go.

You can see that, on the matter of authentication, the existence of
a certificate doesn't mean anything by itself. Rather a system's in
place that -- as long as my browser implements things properly --
empowers users to assure _themselves_ of the other party's identity.

LQ
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

WebWorks ePublisher Pro for Word features support for every major Help
format plus PDF, HTML and more. Flexible, precise, and efficient content
delivery. Try it today!. http://www.webworks.com/techwr-l

Doc-To-Help includes a one-click RoboHelp project converter. It's that easy. Watch the demo at http://www.DocToHelp.com/TechwrlList

---
You are currently subscribed to TECHWR-L as archive -at- infoinfocus -dot- com -dot-

To unsubscribe send a blank email to
techwr-l-unsubscribe -at- lists -dot- techwr-l -dot- com
or visit http://lists.techwr-l.com/mailman/options/techwr-l/archive%40infoinfocus.com


To subscribe, send a blank email to techwr-l-join -at- lists -dot- techwr-l -dot- com

Send administrative questions to lisa -at- techwr-l -dot- com -dot- Visit
http://www.techwr-l.com/techwhirl/ for more resources and info.


References:
RE: file transfer security WAS RE: file sharing: From: Spreadbury, David

Previous by Author: Re: file sharing
Next by Author: Re: file sharing
Previous by Thread: RE: file transfer security WAS RE: file sharing
Next by Thread: Tools: "WriteBoard" for online collaboration


What this post helpful? Share it with friends and colleagues:


Sponsored Ads