Suppose a mechanic offered to replace the engine in your car. He is going to cut you a great deal on replacing the engine. However, not only is your current engine running just fine, but the engine he is offering will also be less powerful than the one you currently have. Sounds like a bum deal, right? But then he goes on to say that while the new engine might be a little less powerful, you will probably not notice the difference. The big advantage is that the new engine can run on renewable energy sources such as ethanol, hydrogen, or solar. So, while the engine is less powerful, it has some advantages that are economically beneficial to you and environmentally beneficial in general. Of course, at this point in history you might just write the guy off as a snake oil salesman, but the point is that there is a real benefit to this new approach.
Accessing Your Home When You are Away From Home
There are a large number of native applications that we run at home on our personal computers. Some of them, like Word, TextMate, and Photoshop, allow you to interact with them using a window on your desktop. Some applications are a little different and will present an interface to you via a web browser. These applications are often called web applications. The application you might use to configure your home Internet router is a good example of a web application. To access a web application, you start up a web browser like Firefox or Google Chrome and go to a web address specified in the application’s manual. These kinds of web applications are currently less common, but they are out there and may become more prevalent in the future. A big advantage to having web applications like this is that you can often access your application using a different computer when you are away from home. Some popular examples include Gmail, Yahoo Maps, Twitter, or Facebook. While those applications are not on your computer at home, it is pretty clear how easy it is for you to use those applications from any device that has a web browser.
Securing the Connection to Your Home Application
So where does Flash come into play? No matter what protocol is used, you need to be able to communicate across domains. This means that you will go to your application provider’s website, the first domain, to get access to your home computer, the second domain. Normally a web browser can only easily communicate with a single domain. There are some upcoming technologies (e.g. WebSockets) that will ease that restriction, but for right now, Flash makes communicating across domains possible.
In order for your web browser to talk to an “https” website, that website needs to have what is called a trusted SSL certificate. This means that there is a digital document on the Web that you can trust that proves that your web browser is actually talking to the website you typed into the location bar of your browser. When you type “https://www.mybank.com” into your web browser, you expect to be talking to your bank’s secure website. However, there are attackers out there who would like to trick you into thinking you are going to your bank’s website. If the security measures in place are poor, then your web browser will fail to warn you about an attacker-forged website. If you don’t know that a website is forged, then you may send them your username and password without knowing that anything bad has happened. An SSL certificate that is trusted by your web browser provides you with the peace of mind to enter your username and password on your bank’s webpage without having to worry about forgeries. If you receive an SSL certificate that is not trusted, then your web browser will warn you and suggest that you leave the website.
So how does your web browser know who to trust? By default, your browser will trust certificates provided by large, well-established companies like VeriSign. These large companies issue SSL certificates to other companies that have proven that they are real businesses by verifying their business phone number and address. This background check ensures that when an SSL certificate says that it belongs to “www.mybank.com”, you know that you are really talking to your bank instead of a forged site that looks like your bank. However, that’s the problem with communicating with an application in your home. You’re probably not a business, so how can you get an SSL certificate that any web browser you want to use will trust?
Getting a trusted SSL certificate can be expensive. Most importantly, the cost to you is not zero dollars. In addition, SSL certificates are typically signed for a particular domain (e.g., www.mybank.com). This means that the certificate cannot be used for a different domain and that one would need to purchase a domain to go along with the SSL certificate. You might also need to purchase a static IP address from your Internet Service Provider to ensure that your newly purchased personal website consistently redirects to your home computer. There is a significant cost for purchasing all of the things that you need, and sorting through all of the details is tedious. Ultimately, this process is too costly and time-consuming for the average person. Most people are simply more willing to store their private data on a public website than they are to dredge through these issues.
You could generate your own SSL certificate for free. But as previously mentioned, when you try to visit the website, your web browser will display bright red warning signs that it is untrusted. Many people don’t know when to explicitly trust an SSL certificate or what it even means to do so. Usually when a person sees a certificate warning in their browser they will either simply leave the site or do something potentially dangerous and outright ignore it.
So your home application could generate an SSL certificate for you, but when you tried to access your application from a web browser it would complain. However, there is a way around this problem. The application could upload an SSL certificate to your application provider’s website where you could download it at a later time. You could then add the certificate to your browser as a trusted certificate. Unfortunately, most people would agree that this interaction is still too complicated.
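The trust decision described in the paragraphs above, as an added example that is not code from the original article or its TLS implementation. It uses toy certificates (a JSON structure signed with Ed25519) rather than real X.509, and the CA name, the hostname home.example, and all function names are assumptions made for illustration.

```javascript
// Simplified model of certificate trust (toy certificates, not real X.509).
const { generateKeyPairSync, sign, verify, createPublicKey } = require('crypto');
const pem = (publicKey) => publicKey.export({ type: 'spki', format: 'pem' });
// Bytes covered by the issuer's signature.
const tbs = (c) => Buffer.from(JSON.stringify([c.subject, c.issuer, c.publicKeyPem]));

// Bind `subject` to a public key, signed with the issuer's private key.
function issue(subject, subjectPublicKey, issuer, issuerPrivateKey) {
  const cert = { subject, issuer, publicKeyPem: pem(subjectPublicKey) };
  cert.signature = sign(null, tbs(cert), issuerPrivateKey).toString('base64');
  return cert;
}

// Browser-side decision: the name must match AND the signature must verify
// under a key the trust store already holds for the named issuer.
function isTrusted(cert, hostname, trustStore) {
  if (cert.subject !== hostname) return false;
  const anchorPem = trustStore.get(cert.issuer);
  if (!anchorPem) return false;
  const sig = Buffer.from(cert.signature, 'base64');
  return verify(null, tbs(cert), createPublicKey(anchorPem), sig);
}

function demo() {
  const [ca, bank, attacker, home] = [0, 1, 2, 3].map(() => generateKeyPairSync('ed25519'));
  const CA = 'Example Root CA'; // hypothetical CA name
  const trustStore = new Map([[CA, pem(ca.publicKey)]]);

  const bankCert = issue('www.mybank.com', bank.publicKey, CA, ca.privateKey);
  // Forgeries: one self-signed, one that merely claims the CA as its issuer.
  const selfSigned = issue('www.mybank.com', attacker.publicKey, 'www.mybank.com', attacker.privateKey);
  const fakeIssuer = issue('www.mybank.com', attacker.publicKey, CA, attacker.privateKey);
  // The home application's free, self-generated certificate (hypothetical hostname).
  const homeCert = issue('home.example', home.publicKey, 'home.example', home.privateKey);

  const r = {
    bank: isTrusted(bankCert, 'www.mybank.com', trustStore),
    forgedSelfSigned: isTrusted(selfSigned, 'www.mybank.com', trustStore),
    forgedFakeIssuer: isTrusted(fakeIssuer, 'www.mybank.com', trustStore),
    bankCertOnOtherDomain: isTrusted(bankCert, 'home.example', trustStore),
    homeBeforeImport: isTrusted(homeCert, 'home.example', trustStore),
  };
  // The user explicitly adds the home certificate to the browser's trusted set.
  trustStore.set('home.example', homeCert.publicKeyPem);
  r.homeAfterImport = isTrusted(homeCert, 'home.example', trustStore);
  return r;
}

console.log(demo());
```

Only the CA-issued certificate and, after the explicit import, the home certificate are accepted; both forgeries and the reuse of the bank's certificate for another domain are rejected.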
How It Works
With that goal in mind, here is an example of how you could communicate with an application in your home using our TLS implementation:
With this mechanism, a number of very useful scenarios are enabled. Some examples include managing a web-connected thermostat in your home, monitoring your home’s security system, streaming music from a home computer, or adding items to a grocery list that is tracked by your fridge. There are many pieces of personal information that we would like to have access to in our homes. Hopefully this helps to explain why the idea isn’t so crazy after all.
In the next article, we’ll discuss the design and implementation of this system. Getting this system working was not only challenging but is also of great interest to web developers who would like to write web applications that can be installed in the home and accessed from anywhere.