send password – encrypted- e.g. “Xu587Fyis)” -Encrypted – Receives password
-create a sesure channel over an insecure network
-is reasonable protection against man-in-the-middle attacks
-can still provide security even when only one side of the communiction is secure
Crypto slow down web server
some ad-networks do not support HTTPS
– reduced revenue for publishers
Request URL, Query parameters, Headers, Cookies
SSL/TLS
You need to buy an SSL certificate
Mixed modes issue-loading insecure content on a secure site
Proxy caching problems-public caching cannot occure
Upgrade from HTTP to HTTPS
forged certs
mobile device
– smart phone held by person, self driving car, robot
