See also: Security | Cryptography | SSL
Acronym: Transport Layer Security
The more secure successor to Secure Sockets Layer (SSL). It is based on the SSL protocol, but the two are not interoperable. However, TLS does allow backing down to SSL 3.0. Internet Explorer does not currently support TLS, and no plan to implement it is yet known.
According to the RFC, TLS has three major goals, in order of their priority:
1. Cryptographic security: TLS should be used to establish a secure
connection between two parties.
2. Interoperability: Independent programmers should be able to
develop applications utilizing TLS that will then be able to
successfully exchange cryptographic parameters without knowledge
of one another’s code.
3. Extensibility: TLS seeks to provide a framework into which new
public key and bulk encryption methods can be incorporated as
necessary. This will also accomplish two sub-goals: to prevent
the need to create a new protocol (and risking the introduction
of possible new weaknesses) and to avoid the need to implement an
entire new security library.
4. Relative efficiency: Cryptographic operations tend to be highly
CPU intensive, particularly public key operations. For this
reason, the TLS protocol has incorporated an optional session
caching scheme to reduce the number of connections that need to
be established from scratch. Additionally, care has been taken to
reduce network activity.
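
The back-down to SSL 3.0 and the session caching scheme mentioned above both show up in the first handshake message a client sends (SSL 3.0 through TLS 1.2). The Python below is an added example, not part of the original entry: it reads the offered version and session ID from a ClientHello record and flags offers below a chosen minimum. The function names, the TLS 1.0 default threshold and the sample bytes are assumptions constructed for illustration.

```python
import struct

# Protocol version numbers as they appear on the wire.
VERSION_NAMES = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}

def parse_client_hello(record: bytes) -> dict:
    """Read the versions and session ID from a ClientHello held in one record."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    content_type, record_version, length = struct.unpack("!BHH", record[:5])
    body = record[5:5 + length]
    if content_type != 22 or len(body) != length:   # 22 = handshake
        raise ValueError("not a complete handshake record")
    if length < 39 or body[0] != 1:                 # 1 = client_hello
        raise ValueError("not a ClientHello")
    client_version = int.from_bytes(body[4:6], "big")
    sid_len = body[38]                              # follows the 32-byte random
    session_id = body[39:39 + sid_len]
    if sid_len > 32 or len(session_id) != sid_len:
        raise ValueError("bad session ID length")
    return {"record_version": record_version, "client_version": client_version,
            "session_id": session_id}

def assess(hello: dict, minimum: int = 0x0301) -> dict:
    """Flag offers below `minimum` (assumed default: TLS 1.0) and resumption requests."""
    version = hello["client_version"]
    return {"offered": VERSION_NAMES.get(version, hex(version)),
            "below_minimum": version < minimum,
            # A non-empty session ID asks the server to reuse a cached session.
            "resumes_session": len(hello["session_id"]) > 0}

def build_sample(version: int, session_id: bytes = b"") -> bytes:
    """Constructed ClientHello: zeroed random, one cipher suite, null compression."""
    body = (version.to_bytes(2, "big") + bytes(32) + bytes([len(session_id)])
            + session_id + b"\x00\x02\x00\x2f" + b"\x01\x00")
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return (b"\x16" + version.to_bytes(2, "big")
            + len(handshake).to_bytes(2, "big") + handshake)

if __name__ == "__main__":
    # Constructed samples: an SSL 3.0 offer, and a TLS 1.0 offer resuming a session.
    for sample in (build_sample(0x0300), build_sample(0x0301, bytes(range(32)))):
        print(assess(parse_client_hello(sample)))
```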