The Web Communication Protocols

Most of the time, people browse the internet by using a web browser. A web browser is a software application for retrieving, presenting, and traversing information resources on the World Wide Web. An information resource is identified by a Uniform Resource Identifier (URI) and may be a web page, image, video, or other piece of content.

A web browser lets your computer communicate with web servers around the world and gives you the right information with just a few clicks. Different web browsers retrieve information in different ways, but one thing they have in common is web communication protocols.

Web communication protocols are the technologies used to transfer information across the internet. For example, a web browser uses these protocols to request information from a web server, which is then displayed on the browser screen in the form of text and images. The degree to which users can interact with that information depends on the protocol.


Below are some of the web communication protocols in use:

HyperText Transfer Protocol (HTTP)

HyperText Transfer Protocol (HTTP) is the most widely used web communications protocol. If you look in the Address field of your web browser right now, it's likely you'll see "http://" at the front.

HTTP is a classic "client-server" protocol. Users click a link on their web browser (the client), and the browser sends a request over the internet to a web server that houses the site the user requested. The server sends back the content of the site, such as text and images, which display in users' web browsers. HTTP is an unsecure communications protocol because the data it sends back and forth between a browser and a server is unencrypted and can be intercepted by third parties.


Telnet

Telnet is one of the oldest communication protocols. As with HTTP, a client is used to access remote servers. However, unlike HTTP, where you only request specific files, Telnet is used to actually log on to the remote server and perform functions as if you were sitting in front of the server terminal. Telnet is rarely used now since it is an unsecure protocol that does not encrypt data sent between remote computers.

File Transfer Protocol (FTP)

As the name implies, the File Transfer Protocol (FTP) is primarily used to transfer files such as documents, images, music, etc., between remote computers. Users have to log on to an FTP server either through a command line interface or through one of the many FTP graphical client programs available. Once logged on, users can navigate through the remote server's file structure, moving, renaming, deleting, and copying files as if it were their own computer.

Hypertext Transfer Protocol Secure (HTTPS)

HTTPS is similar to HTTP, but different in that it combines with a security protocol called SSL/TLS to provide secure client-server communications over unsecure networks such as the internet. You're most likely to see HTTPS protocols on ecommerce websites that ask for personal financial information like credit card numbers. You know a website is using HTTPS protocols when you see the "https://" in the web address displayed in your browser's Address field.

IP Security (IPSec)

IP Security (IPSec) protocols encrypt packets of data and send them between two computers that share the same cryptographic keys. In other words, the IPSec protocol is like a hallway with no doors linking two rooms. The only place the data can go is between those two rooms. IPSec protocols are used in Virtual Private Networks, which allow employees of a company to log on to their company's secure network through a public network (e.g. from home or a coffee shop.)


Internet communications that are based on the Transmission Control Protocol/Internet Protocol (TCP/IP), such as the Hypertext Transfer Protocol (HTTP), Telnet, and File Transfer Protocol (FTP), are not secure because all communication occurs in plaintext. Confidential or sensitive information that is transmitted with these protocols can easily be intercepted and read unless the information is protected by encryption technology.
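
To make the plaintext exposure concrete, the following added example (not part of the original page) audits captured payloads for credentials that are readable on the wire. The payloads, host name, account and function name are constructed for illustration; findings deliberately omit the secret itself.

```python
import base64
import re

# Constructed payloads as they would appear on the wire (sample data).
HTTP_REQUEST = (
    b"GET /account HTTP/1.1\r\n"
    b"Host: example.test\r\n"
    b"Authorization: Basic " + base64.b64encode(b"alice:s3cret") + b"\r\n\r\n"
)
FTP_SESSION = b"USER alice\r\nPASS s3cret\r\nLIST\r\n"
# Stand-in for a TLS application-data record: 5-byte header + 32 opaque bytes.
TLS_RECORD = bytes.fromhex("1703030020") + bytes(range(0x80, 0xA0))


def exposed_credentials(payload: bytes):
    """Return (protocol, user) for each credential readable in the payload.

    The password is recoverable in every reported case, but it is not kept
    in the finding so that the audit output does not leak it again.
    """
    findings = []

    # HTTP Basic auth is only base64-encoded, not encrypted.
    m = re.search(rb"^Authorization: Basic ([A-Za-z0-9+/=]+)\r?$",
                  payload, re.M | re.I)
    if m:
        try:
            decoded = base64.b64decode(m.group(1), validate=True)
            user, sep, _secret = decoded.partition(b":")
            if sep:
                findings.append(("http-basic", user.decode("latin-1")))
        except ValueError:
            pass  # malformed base64: nothing readable to report

    # FTP sends USER and PASS as plain command lines.
    user = re.search(rb"^USER (\S+)\r?$", payload, re.M)
    secret = re.search(rb"^PASS (.*?)\r?$", payload, re.M)
    if user and secret:
        findings.append(("ftp", user.group(1).decode("latin-1")))

    return findings


if __name__ == "__main__":
    for name, data in [("http", HTTP_REQUEST), ("ftp", FTP_SESSION),
                       ("tls", TLS_RECORD)]:
        print(name, exposed_credentials(data))
```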

In addition, because any web client can send HTTP requests to a web server and exploit weaknesses in the HTTP protocol or its implementation, web servers that use only standard HTTP to communicate with web clients are easy targets for denial-of-service attacks and other types of attacks. Moreover, web clients that communicate by using standard HTTP are easy targets for unauthorized web servers, which can impersonate legitimate websites and which might contain either virus-laden software for download by users or malicious scripts and programs.

Secure web communication protocols provide a way to authenticate clients and servers on the web and to protect the confidentiality of communication between clients and servers. A variety of secure communication standards that use public key technology have been developed, including Secure Hypertext Transfer Protocol (SHTTP), IP Security (IPSec), PPTP, and L2TP. The leading general-purpose, secure web communication protocols are SSL 3.0 and the open TLS protocol that is based on SSL. The SSL and TLS protocols are widely used to provide secure channels for confidential TCP/IP communication on the web.

One disadvantage of SSL and TLS, however, is that the strength of the cryptography that is used for secure channels is subject to government export and import restrictions. For example, the strength of symmetric key encryption that is used by technology that is nonexportable is much higher (128 bits) than the strength of the symmetric key cryptography that is used by technology that is exportable (40 bits or 56 bits). Both servers and clients must use the same cryptographic strength and the same cryptography algorithms when they communicate over a secure channel. At the beginning of SSL and TLS sessions, the server chooses the strongest cryptography that is available to both the server and the client. Maximum security for secure SSL and TLS communication is available only between servers and clients that can both support the higher-strength nonexportable cryptography.
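
The selection rule described above can be modelled in a few lines. This is an added example, not part of the original page: it is a simplified model rather than a real handshake, and it goes beyond the text by adding a server-side minimum strength and a helper that audits a real `ssl.SSLContext`. The function names, the small strength table and the client profiles are constructed for illustration.

```python
import ssl

# Symmetric key strength in bits for a few historical suites (constructed
# sample table for this illustration; not a complete registry).
SUITE_BITS = {
    "TLS_RSA_EXPORT_WITH_RC4_40_MD5": 40,
    "TLS_RSA_WITH_DES_CBC_SHA": 56,
    "TLS_RSA_WITH_RC4_128_SHA": 128,
}


def choose_suite(client_offers, server_supports, min_bits=0):
    """Model of the server's choice: the strongest suite both sides support.

    Returns None when there is no common suite, or when the best common
    suite is weaker than min_bits, i.e. the server refuses the handshake
    instead of accepting a weak channel.
    """
    common = [s for s in server_supports if s in client_offers]
    if not common:
        return None
    best = max(common, key=SUITE_BITS.__getitem__)
    return best if SUITE_BITS[best] >= min_bits else None


def weak_enabled_suites(ctx, min_bits=128):
    """List suites enabled in an ssl.SSLContext that fall below min_bits."""
    return [c["name"] for c in ctx.get_ciphers()
            if c["strength_bits"] < min_bits]


# Constructed profiles matching the strengths named in the text.
SERVER = list(SUITE_BITS)
STRONG_CLIENT = list(SUITE_BITS)                    # supports 128-bit
EXPORT_CLIENT = ["TLS_RSA_EXPORT_WITH_RC4_40_MD5",
                 "TLS_RSA_WITH_DES_CBC_SHA"]        # capped at 40/56 bits

if __name__ == "__main__":
    print(choose_suite(STRONG_CLIENT, SERVER))                # 128-bit suite
    print(choose_suite(EXPORT_CLIENT, SERVER))                # 56-bit suite
    print(choose_suite(EXPORT_CLIENT, SERVER, min_bits=128))  # refused
    print(weak_enabled_suites(ssl.create_default_context()))
```

Without a floor, the weaker client silently sets the strength of the channel; with `min_bits=128` the same client is refused rather than served over 56-bit encryption.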

For secure web communication with banks and other financial institutions, other specialized protocols that use strong cryptography have been developed (as allowed by import or export restrictions on cryptography). Qualifying institutions can use these special protocols to provide strong cryptography for web transactions, and at the same time circumvent the import and export restrictions that apply for SSL and TLS. Two of the leading secure web communication protocols of this type are the secure electronic transaction (SET) protocol and the SGC protocol. The SGC protocol is an extension of SSL, which requires a special SGC certificate to enable strong, 128-bit secure communication for the web server. Internet Explorer and many other web clients support SGC for both exportable and nonexportable versions of web clients. Web clients do not need certificates for SGC communication. However, to use SGC communication with a web server, you must obtain an SGC server certificate from an authorized, commercial CA. The commercial CA that issues your SGC certificate verifies that you are qualified to use SGC. Currently, many financial institutions and institutions in other specific industries can qualify for SGC certificates.