Site home page
(news and notices)

Get alerts when Linktionary is updated

Book updates and addendums

Get info about the Encyclopedia of Networking and Telecommunicatons, 3rd edition (2001)

Download the electronic version of the Encyclopedia of Networking, 2nd edition (1996). It's free!

Contribute to this site

Electronic licensing info



TLS (Transport Layer Security)

Related Entries    Web Links    New/Updated Information

Search Linktionary (powered by FreeFind)

Note: Many topics at this site are reduced versions of the text in "The Encyclopedia of Networking and Telecommunications." Search results will not be as extensive as a search of the book's CD-ROM.

TLS is the IETF's version of SSL (Secure Socket Layer) version 3.0. The IETF sought to standardize SSL, but did not like its use of the RSA Security's proprietary cryptographic technology, so it began work on TLS (Transport Layer Security), which uses Diffie-Hellman public-key cryptography. TLS also uses HMAC TLS as outlined in RFC 2246 (The TLS Protocol, Version 1.0, January 1999). See "SSL (Secure Sockets Layer)" as well.

HMAC (Hashed Message Authentication Code) is a core protocol that is considered essential for security on the Internet along with IPSec, according to RFC 2316 (Report of the IAB, April 1998). It is not a hash function, but a mechanism for message authentication that uses either MD5 or SHA-1 hash functions in combination with a shared secret key (as opposed to a public/private-key pair). Basically, a message is combined with a key and run through the hash function. The result is then combined with the key and run through the hash function again. This 128-bit result is truncated to 96 bits and becomes the MAC.

RFC 2104 (HMAC: Keyed-Hashing for Message Authentication, February 1997) describes how HMAC should be used in preference to older techniques, notably keyed hash functions. Keyed hashes based on MD5 are especially to be avoided, given the hints of weakness in MD5. HMAC is the preferred shared-secret authentication technique and it should be used with SHA-1. It can be used to authenticate any arbitrary message and is suitable for logins.

The following RFCs provide more information about TLS:

  • RFC 2246 (The TLS Protocol, Version 1.0, January 1999) defines the initial version of the TLS protocol.

  • RFC 2712 (Addition of Kerberos Cipher Suites to Transport Layer Security, October 1999) proposes enhancing TLS to support Kerberos.

  • RFC 2817 (Upgrading to TLS Within HTTP/1.1, May 2000) describes how to use the upgrade mechanism in HTTP/1.1 to initiate TLS over an existing TCP connection.

  • RFC 2818 (HTTP over TLS, May 2000) describes how to use TLS (Transport Layer Security) to secure HTTP connections over the Internet.

Copyright (c) 2001 Tom Sheldon and Big Sur Multimedia.
All rights reserved under Pan American and International copyright conventions.