Tagged Questions
11
votes
7answers
9k views
What is the difference in security between a VPN- and a SSL-connection?
I would like to design a client-server application where the server is placed on Internet. I assume that I could set up the client-server connection using VPN (is it using IPSec?) or using a SSL ...
42
votes
3answers
15k views
What's the difference between SSL, TLS, and HTTPS?
I get confused with the terms in this area. What is SSL, TLS, and HTTPS? What are the differences between them?
20
votes
3answers
2k views
How does Convergence (CA replacement) prevent its notaries from being MITM'd as well?
I have been looking into Convergence and how it works, but I cant figure out how it is effective against a MITM attack that happens near the target system. My understanding is that Convergence works ...
14
votes
3answers
3k views
Convergence - an SSL replacement?
Today, Moxie Marlinspike, a security researcher famous for his research on Android and SSL and related protocols (author of sslstrip/sslsniff), released "Convergence" which says is "an agile ...
6
votes
2answers
3k views
What is ECDHE-RSA?
What is the difference between ECDHE-RSA and DHE-RSA?
I know that DHE-RSA is (in one sentence) Diffie Hellman signed using RSA keys. Where DH is used for forward secrecy and RSA guards against MITM, ...
5
votes
4answers
3k views
How do the processes for digital certificates, signatures and ssl work?
I have been trying to understand how ssl works. Instead of Alice and Bob, lets consider client and server communication.
Server has a digital certificate acquired from a CA. It also has public and ...
3
votes
1answer
157 views
Can wildcard certificates hide/obscure the hostname in a TLS connection?
I'm trying to increase security for my cloud-based / multi-tenant environment. I'm considering having clients access an obscure URL such as GUID.myCloud.com. I will then respond to that guid-based ...
