Why can I see an “https” site without signing in?

The “s” in “https” stands for “secure” (“HyperText Transfer Protocol Secure”). This used to show up mainly when shopping or banking online, where you normally signed in to your account. Many other sites use “https” to provide a secure communications link between the site and the user’s browser. In particular, Windows Live SkyDrive uses https full-time, even if you are not signed in or are viewing a friend’s SkyDrive albums.

The “secure” part applies only to the connection, not to the site or your browser. You must still be careful about the site – make sure that you really are on the site you wish to visit.

Only the connection is secure. This protects you from someone snooping in the next booth or from a car outside. You are not protected from the person looking over your shoulder!

The Google Chrome browser provides information about the connection when you right-click on the little padlock icon in front of the web address.

Setting up the secure connection happens when you first get to the site. You won’t notice this fascinating routine. First, the site’s server performs a key exchange with your browser. This too is done securely; in the illustration you can see the listing of “RSA as the key exchange mechanism”. If you are interested in the inner workings, you can find plenty of information on the Internet. Normal traffic after the key exchange is then done with a faster method that uses 128-bit encryption.
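The two phases described above, sketched as an added example that is not part of the original post: the browser wraps a random 128-bit session key with the server's RSA public key, then both sides use that key for the faster symmetric traffic. The tiny unpadded RSA key, the SHA-256 XOR keystream standing in for the real cipher, and all function names are assumptions made for illustration and are not safe for real use.

```python
import hashlib
import secrets

# Toy RSA key pair for the server, built from two known Mersenne primes.
# Far too small and unpadded for real use; illustration only (assumption).
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537                      # public key (modulus, exponent)
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent, known only to the server


def client_key_exchange():
    """Browser picks a random 128-bit session key and wraps it with the public key."""
    session_key = secrets.token_bytes(16)
    wrapped = pow(int.from_bytes(session_key, "big"), E, N)
    return session_key, wrapped


def server_key_exchange(wrapped):
    """Server unwraps the session key with its private exponent."""
    return pow(wrapped, D, N).to_bytes(16, "big")


def stream_xor(key, data):
    """Stand-in for the fast symmetric cipher: XOR with a SHA-256 counter keystream."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def demo():
    client_key, wrapped = client_key_exchange()    # only `wrapped` crosses the network
    server_key = server_key_exchange(wrapped)
    request = b"GET /albums HTTP/1.1"              # constructed sample traffic
    on_the_wire = stream_xor(client_key, request)  # what a snooper nearby would see
    received = stream_xor(server_key, on_the_wire)
    return client_key == server_key, on_the_wire != request, received


if __name__ == "__main__":
    print(demo())
```

The request is readable again at the server end, which is the point made earlier: the protection covers the connection, not what happens at either endpoint.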

Be careful when reading your email in a public place. Not all email services have switched over to https. Gmail, as an example, uses secure communication. Moving documents to and from SkyDrive is done with secure connections.


© 2011 Ludwig Keck


