使用HTTPS协议时，谁加密消息，浏览器或网卡? [英] While using HTTPS protocol, who encrypts the message, the Browser or the Network Card?

问题描述

我正在阅读有关WCF传输安全性的内容，由于对网络的了解较少，因此我有很多疑问.

I am reading about WCF Transport Security and I get a plethora of doubts in my mind because I have less network knowledge.

他们说，只有在客户端和服务器之间存在直接通信时，才可以使用传输安全性.不应有任何中介.

They say, Transport security is good to use only when there is direct communication between client and server. There should be no intermediaries.

首先，我想知道这些中介机构是什么?根据我的说法，它们是位于它们之间的路由器，它们将消息中继到下一跳，而不是完整的计算机系统，有人可以坐在该计算机上并拦截消息.

First of all I want to know, what are these intermediaries ? According to me, they are the routers sitting in between, which relay the messages to next hop, and are not complete computer systems, on which somebody can sit and intercept the messages.

我对此主题还有其他疑问，一旦收到答案，我就会提出疑问.

I have other doubts also regarding this topic, which I will ask once I receive the answer for this one.

推荐答案

在这种情况下，没有路由器不是中介.路由器，交换机和其他网络基础设施设备在ISO/OSI或TCP/IP网络协议栈的较低层上运行.

No routers are not intermediaries in this scenario. Routers, switches and other network infrastructure devices operates on lower layers of ISO/OSI or TCP/IP network protocol stacks.

在这种情况下，中介是网关，负载平衡器或反向代理.从客户端的角度来看，网关或反向代理是服务的宿主，但并非必须如此.它可以只是某些公司网络的入口，它将消息转发给隐藏在公司网络内的真实主机(托管服务的服务器).

Intermediaries are in this case gateways, load balancers or reverse proxies. From the client point of view the gateway or reverse proxy is the host of the service but it doesn't have to be. It can be just entry point into some corporate network which will forward the message to the real host (server hosting the service) hidden inside the corporate network.

消息和传输安全性之间的区别在于，传输安全性在网关处结束-对于客户端，它是目的地，而客户端打开与该目的地的连接.连接是点对点的，无法在多个连接之间维护传输安全性(传输安全性从连接的一侧开始，在另一侧结束).消息安全性是端对端的，这意味着消息包含安全性作为其内容的一部分，并且网关仅转发安全消息.只有真实的目的地(服务的真实主机)才能解密这些消息.

The difference between message and transport security is that transport security ends at the gateway - for client it is a destination and client opens connection to that destination. The connection is point to point and transport security cannot be maintained among multiple connections (transport security starts at one side of the connection and ends on the other side). Message security in turn is end to end it means that message contains security as part of its content and gateways just forward secured messages. Only the real destination (real host of the service) should be able to decrypt those messages.

使用HTTPS协议时，谁对消息，浏览器或网卡进行加密?

While using HTTPS protocol, who encrypts the message, the Browser or the Network Card?

再次，HTTPS是上层协议-使用它不是网卡的责任.某些编程API或OS基础结构负责创建HTTPS连接.浏览器只是调用此API.

Again HTTPS is upper layer protocol - it is not responsibility of the network card to use it. Some programming API or OS infrastructure is responsible for creating HTTPS connection. Browser just calls this API.

这篇关于使用HTTPS协议时，谁加密消息，浏览器或网卡?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！