SSL Facts

This document provides an overview of all articles resulting from my search related to SSL.

General

  • originally designed by Netscape, and its version 3.0 was later adapted by the Internet Engineering Task Force (IETF) while they were designing TLS
  • used for confidentiality and authentication between SOAP-requester and the WebService itself
  • security at the transport-level
  • deals only with the originator of the SOAP request
  • Implementing encryption only at the transport level creates a "SOAP gap." [On02]
  • if confidence between the SOAP requester and the WebService itself is all that is required, SSL is the pragmatic solution (SSL is available in all Web servers, and with the vast majority of first-generation Web Services using HTTP, it is a useful and pragmatic solution) [On02]

What is SSL

Article found | Fact

Limitations

Article found | Fact
Secure Web services [Sh03]
  • SSL is designed to provide point-to-point security, which falls short for Web services because we need end-to-end security, where multiple intermediary nodes could exist between the two endpoints
  • SSL secures communication at transport level rather than at message level. As a result, messages are protected only while in transit on the wire. For example, sensitive data on your hard disk drive is not generally protected unless you apply a proprietary encryption technology.
  • HTTPS in its current form does not support nonrepudiation well. Nonrepudiation is critical for business Web services and, for that matter, any business transaction.
  • SSL does not provide element-wise signing and encryption. (Again, that is due to the fact that SSL is a transport-level security scheme as opposed to a message-level scheme.)
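
The point-to-point and element-wise limitations above, as an added example (not taken from [Sh03] or the other cited articles): a requester sends a SOAP-style envelope through one intermediary, and a MAC over the Payment element lets the final service detect a change that per-hop SSL cannot see. The element names, the key and the use of HMAC are assumptions; HMAC is a standard-library stand-in for XML Signature and gives end-to-end integrity only, not nonrepudiation, which needs an asymmetric signature.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Constructed key known only to the requester and the final Web service.
E2E_KEY = b"constructed-demo-key"

def element_mac(elem):
    """MAC over one canonicalized element (stand-in for an XML Signature)."""
    c14n = ET.canonicalize(ET.tostring(elem, encoding="unicode"))
    return hmac.new(E2E_KEY, c14n.encode(), hashlib.sha256).hexdigest()

def requester_build(account, amount):
    """Requester: build the envelope and protect the Payment element itself."""
    env = ET.Element("Envelope")
    header = ET.SubElement(env, "Header")
    body = ET.SubElement(env, "Body")
    pay = ET.SubElement(body, "Payment")
    ET.SubElement(pay, "Account").text = account
    ET.SubElement(pay, "Amount").text = amount
    ET.SubElement(header, "PaymentMac").text = element_mac(pay)
    return ET.tostring(env)

def intermediary_forward(wire_bytes, alter_amount=None):
    """Intermediary: its SSL session with the requester ends here, so it
    handles the plaintext envelope before opening a new session onward."""
    env = ET.fromstring(wire_bytes)
    if alter_amount is not None:  # simulate a faulty or dishonest hop
        env.find("Body/Payment/Amount").text = alter_amount
    return ET.tostring(env)

def service_verify(wire_bytes):
    """Final service: SSL only vouches for the last hop; the element MAC
    vouches for the data as the original requester wrote it."""
    env = ET.fromstring(wire_bytes)
    expected = env.findtext("Header/PaymentMac", default="")
    actual = element_mac(env.find("Body/Payment"))
    return hmac.compare_digest(expected, actual)

if __name__ == "__main__":
    msg = requester_build("DE00-CONSTRUCTED", "100")  # constructed sample values
    print(service_verify(intermediary_forward(msg)))
    print(service_verify(intermediary_forward(msg, alter_amount="9999")))
```

Both hops would still complete a valid SSL session in the altered case; only the message-level check at the service distinguishes the two runs.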