1.3. A heads-up about security in general

Before diving into the details of cryptography, it is appropriate to step back for a view of computer security in general. "Security is a process, not a product" (Bruce Schneier in Secrets and Lies, Wiley Computer Publishing, 2000), and while HTTPS can be a useful component of that process, it is dangerous to think that it provides security in and of itself. It is also important to understand the "threat model" as it applies to your intended application: what are you protecting? From whom? What resources do they have available? How much are you willing to pay? Given that you are interested in HTTPS, it is reasonable to assume that you are considering handling some sort of sensitive data via a web server. So consider:

Remember too that there may be legal requirements if you process some forms of data. If you process data that relates to identifiable living human beings then the provisions of the Data Protection Act 1998 will apply to that processing. If you are responsible for encrypted data then the Regulation of Investigatory Powers Act 2000 may apply and could require you to decrypt data under some circumstances, or even to hand over your encryption keys.