This section describes how Apple Safari shows a lock icon when you visit an 'https' Website to indicate that the communication is secured with data encryption.
As I mentioned earlier in the book, Web browsers play very important roles in using HTTPS
(Hypertext Transfer Protocol Secure) to secure Web communications.
Now let's see how Apple Safari, as a major Web browser, supports HTTPS.
1. Run Apple Safari and go to Yahoo home page at www.yahoo.com.
2. Click "Mail" in the Yahoo side menu.
3. After Apple Safari finishing displaying the login page,
look at the left side of the URL address box. You will
see a lock icon displayed next to the address:
What happened here was:
When the link "Mail" was clicked, Safari was redirected to use this URL: https://login.yahoo.com/...
Since this is an HTTPS based URL, Safari requested for the server, login.yahoo.com, to provide the server certificate.
Safari validated the server certificate and found no issue.
Safari created a one-time secret key, encrypted with server's public key and delivered to the server.
Server returned the login page document encrypted with the secret key.
Safari and the server will continue to use this secret key to encrypt any data exchanged between them.
The lock icon at the left side of the URL address indicates that this page is secured with HTTPS.
If you click the lock icon, Safari will provide you more security related information for this page.
See next sections for more details.