When the first book was sold online in 1995, few realized how much the internet would change over the course of just a few years. Amazon and all the other online shops that followed changed the lives of people worldwide forever. This revolution was made possible by a security protocol that allowed people to buy goods and services online while using a secure form of payment. But who made all this possible?
Let’s talk about the origin of Secure Socket Layer (SSL) and Hypertext Transfer Protocol Secure (HTTPS) with the old Greeks leading the way. To answer the question what company stands behind the development of what makes the internet a safer place, we have to start with a history lesson. This will help to illustrate how SSL has progressed over the years.
The beginnings of secure communication…
…and what the ancient Greeks, the Roman emperor Julius Caesar, and the Germans have in common.
Believe it or not, the history of cryptography and secure communications dates back thousands of years ago. The word itself originated from the ancient Greek words kryptos, which means hidden or secret, and graphia, which means to write. Therefore, cryptography means literally “secret writing,” and according to a record written by the Greek poet Archilochus the word was used as early as 600 BC. The Greeks called the first cryptographic device “scytale” and used it to communicate during military campaigns. It was a cylinder with a strip of parchment wrapped around it with a secret message on it. Unfortunately, this early method of encryption could be fairly easily broken. A few hundred years later, Julius Caesar used a similar encryption technique known as Caesar’s Cipher. Only the intended recipient of the message knew the cipher, which is essentially the guide for decoding the message, which made it more difficult for another person to crack the code. And during World War II, the Germans used something called the Enigma machine to send encrypted transmissions.
…and who stands behind the development of the Secure Socket Layer.
But before we get to technical, let’s talk about your secrets. Wait, what? Why should you tell us your secrets, you ask? We all have secrets we don’t want anybody to know about but on the other hand, we communicate them regularly over the internet: credit card numbers, social security numbers, telephone numbers, addresses, passwords, and much more. Hardly anybody would freely disclose all that information if they couldn’t trust the person or company they communicate with. Fortunately, for the most part, our secret communications are secure today, all thanks to SSL.
At the beginning of the internet, when Netscape Communications dominated the market with over 80% market share, online communication could be easily overheard by hackers. Back then, you only needed a little technological know-how to download software that would allow you to see and hear what others are doing online. In today’s high-tech world, human-based code is simply too easy to crack for computers, but security is nonetheless an essential driving factor for the evolution of technology. Netscape recognized the importance of online security and that successful eCommerce would only be possible if the information is secure without any risk of being exposed to cyber criminals. Therefore, Netscape Communications was responsible for the development of the SSL protocol.
SSL was first introduced in 1994, but due to too many flaws the version 1.0 of SSL never made it public. The first official release of version 2.0 was a year later, while SSL 3.0, the final version, wasn’t released before 1996. The goal was that messages sent through the internet need to be encrypted so that only the intended recipient can read it. Just like the ancient Greeks, Julius Caesar, or the Germans, modern computers also use symmetric-key encryption to send information back and forth.
Ever since the invention of SSL, the arms race between hackers and code makers has accelerated. Netscape still owns the SSL patent, but the company granted a royalty-free license if someone wants to build implementations covered by the patent. Over the years, new versions of the protocols have been released to address vulnerabilities. The Internet Engineering Task Force adopted an enhanced version called Transport Layer Security, which is now considered the successor to SSL. The current version of TLS, called TLS 1.3, was released in 2018.
How does SSL work…
…and how can you make sure your secrets stay safe?
HTTPS powers the world’s web browsing and secure online communication, and SSL, as well as its successor TLS, are cryptographic protocols that provide authentication and data encryption. They have become the industry standard for securing communication over an unsecured network and provide privacy, integrity, and authentication of the data that’s being exchanged.
SSL certificates are issued by trusted Certificate Authorities (CA), and the ability to trust the validity of those certificates makes it possible to authenticate the identity of “the other end of the line.” The validation process involves a pair of keys, a public and a private key. One key is the decoder, while the other key serves as an encoder. A public key is used to encrypt the data and a private key is used to decrypt it. A public encoder key can be given to anyone, but if the confidential decoder key is given to anyone else, the security is compromised. Web servers and browsers know how to use both keys to encrypt as well as decrypt a message. To begin a conversation, they perform an SSL handshake and ensure that the communicated information will stay private.
To obtain an SSL certificate for your website, you have to make sure you can trust the CA or third-party provider you work with. Fraud can occur even here. Do your research and make sure you read online reviews from reliable providers like Trustpilot or Google reviews. Registrars like 101domain have been in business for decades and have the ability not just to help you set up your SSL, but also provide you with help in case you run into any issues.