Securing TCP Vanilla TCP UDP sockets: TSL implemented in no encryption application layer cleartext passwords sent into socket apps use TSL libraries,that traverse Internet in cleartext (! use TCP in turn Transport Layer Security(TLS) TLS socket API provides encrypted TCP connections cleartext sent into socket data integrity traverse Internet encrypted end-point authentication see Chapter 8 Application Layer:2-16
Securing TCP Application Layer: 2-16 Vanilla TCP & UDP sockets: ▪ no encryption ▪ cleartext passwords sent into socket traverse Internet in cleartext (!) Transport Layer Security (TLS) ▪ provides encrypted TCP connections ▪ data integrity ▪ end-point authentication TSL implemented in application layer ▪ apps use TSL libraries, that use TCP in turn TLS socket API ▪ cleartext sent into socket traverse Internet encrypted ▪ see Chapter 8
Application layer:overview P2P applications Principles of network video streaming and content applications distribution networks ■Web and HTTP socket programming with E-mail,SMTP,IMAP UDP and TCP The Domain Name System DNS Application Layer:2-17
Application layer: overview ▪ Principles of network applications ▪ Web and HTTP ▪ E-mail, SMTP, IMAP ▪ The Domain Name System DNS ▪ P2P applications ▪ video streaming and content distribution networks ▪ socket programming with UDP and TCP Application Layer: 2-17
Web and HTTP First,a quick review... web page consists of objects,each of which can be stored on different Web servers object can be HTML file,JPEG image,Java applet,audio file,... web page consists of base HTML-file which includes several referenced objects,each addressable by a URL,e.g., www.someschool.edu/someDept/pic.gif host name path name Application Layer:2-18
Web and HTTP Application Layer: 2-18 First, a quick review… ▪ web page consists of objects, each of which can be stored on different Web servers ▪ object can be HTML file, JPEG image, Java applet, audio file,… ▪ web page consists of base HTML-file which includes several referenced objects, each addressable by a URL, e.g., www.someschool.edu/someDept/pic.gif host name path name
HTTP overview HTTP:hypertext transfer protocol Web's application layer protocol PC running HTTP request client/server model: Firefox browser HTTP client:browser that requests, response receives,(using HTTP protocol)and “displays'”Web objects HTTP request server:Web server sends (using HTTP reseonse server running Apache Web server HTTP protocol)objects in response to requests iPhone running Safari browser Application Layer:2-19
HTTP overview Application Layer: 2-19 HTTP: hypertext transfer protocol ▪ Web’s application layer protocol ▪ client/server model: • client: browser that requests, receives, (using HTTP protocol) and “displays” Web objects • server: Web server sends (using HTTP protocol) objects in response to requests PC running Firefox browser server running Apache Web server iPhone running Safari browser
HTTP overview(continued) HTTP uses TCP: HTTP is"stateless” client initiates TCP connection server maintains no (creates socket)to server,port 80 information about past client server accepts TCP connection requests from client aside HTTP messages (application-layer protocols that maintain "state are complex! protocol messages)exchanged past history(state)must be between browser (HTTP client)and maintained Web server(HTTP server) if server/client crashes,their views -TCP connection closed of "state"may be inconsistent, must be reconciled Application Layer:2-20
HTTP overview (continued) Application Layer: 2-20 HTTP uses TCP: ▪ client initiates TCP connection (creates socket) to server, port 80 ▪ server accepts TCP connection from client ▪ HTTP messages (application-layer protocol messages) exchanged between browser (HTTP client) and Web server (HTTP server) ▪ TCP connection closed HTTP is “stateless” ▪ server maintains no information about past client requests protocols that maintain “state” are complex! ▪ past history (state) must be maintained ▪ if server/client crashes, their views of “state”may be inconsistent, must be reconciled aside