Why do we need HTTPS?

We need HTTPS for 3 reasons.

Privacy, integrity, and identification.

Certiﬁ cat Let's talk about privacy first.

Com pug ter I'll use my friends as an example.

Browser bird

From T o I am sending a message to Browserbird.

A vo cado toast secret recipe 1 toast 10ml olive oil 1 avocado Oh no! The message is not encrypted!

Crab is listening on the communication capturing the message.

Potentially using it for evil.

Privacy means that no one can eavesdrop on your messages.

Bad crab. Bad.

P AS SWORD When you browse to a website without HTTPS, I could be eavesdropping on your password.

The green padlock on the URL bar of your browser tells you that there are no crabs watching over your shoulder.

Reason number 2: integrity.

Example coming up!

I am sending another message to Browserbird unencrypted.

But before it reaches Browserbird, I intercept the message.

I update the message to say bad things about Browserbird and forward it to him.

Why would Compugter say such things about me?

This is often called a man-in-the-middle attack.

And crab-in-the-middle attacks are the worst.

Bad Crab. Bad.

Integrity means that the message is not manipulated on the way to its destination.

I make sure that your communication is not being tampered with.

Reason number 3: identification.

Example time!

A vo cado toast secret recipe Identification means that I can check that this message is coming from Compugter.

A digital signature attached to a message can identify the sender.

Cheers, Com pug ter -- iPhone. iT yp os. iApologize. The digital signature is not the closing text on your emails. Anyone could copy that ;)

And when you are browsing the web, identification means that the site that you are visiting is indeed the one you think it is.

HTTPS, via SSL certificates, ensures you are connected exactly with the receiver you would expect.

This SSL certificate is valid and has been issued by a legitimate Certificate Authority. You are good to go.

We'll be talking more about SSL certificates and Certificate Authorities soon, so stay tuned.

In summary, privacy, integrity and identification are the main reasons why HTTPS is important.