Transport Layer Security (TLS) - Computerphile
Vložit
- čas přidán 16. 05. 2024
- It's absolutely everywhere, but what is TLS and where did it come from? Dr Mike Pound explains the background behind this ubiquitous Internet security protocol.
Heartbleed, Running the Code: • Heartbleed, Running th...
Secure Web Browsing: • Secure Web Browsing - ...
Network Stacks & The Internet: • Network Stacks and the...
/ computerphile
/ computer_phile
This video was filmed and edited by Sean Riley.
Computer Science at the University of Nottingham: bit.ly/nottscomputer
Computerphile is a sister project to Brady Haran's Numberphile. More at www.bradyharan.com
I’m a simple man... I see Dr. Mike Pound, I click
Try that in real life
@Peter Lustig We're not gonna feed you here, buddy.
looks like Alice and Bob are in quarantine like the rest of us :)
@@AWES0MEDEFENDER it was actually the first one that got so much hype lol
Poor Alice and Bob, now they can't communicate with each other.
@@realshaoran4514 Oh they still can, if they yell really really loud in their room just like my actual neighbors. The only problem is my neighbors knows nothing about TLS.
i dont mean to be so offtopic but does anybody know a tool to log back into an Instagram account??
I stupidly forgot the login password. I would love any tips you can give me
@Iker Alfonso instablaster :)
Mike is my favorite expert on Computerphile. The way he explains things about security is very clear, but also has some useful historical facts.
This is a very engaging way of teaching.
that's the trait of the smartest and impassioned teachers. They're able to get your attention with the toughest topics.
Please do a video on Macromedia Flash - How it worked, how it affected Internet culture and why it's being deprecated.
Great Idea!
It started as an alternative (replacement) to gif and as such it had actual frames (12 frames at 12fps would be 1s in length) which were loaded progressively. This means that once actionscript was introduced you could execute the code (show preloaders; play sounds, animations, ..) before the app was fully loaded(!) - that's one of the things i loved about flash and still miss in today's tech. Instead of hundreds of requests that we do today, there were only a few in flash - webassembly might change that.
I think Microsoft announced that they have permanently removed flash with the latest version of Win10/
@@RichardBuckerCodes Their built-in version, anyway, that I believe was used for Edge. You can still install it yourself, if you want to for some reason.
Google will be removing Flash from Chrome in December.
It was deprecated because browsers started to support video natively with HTML5. Steve Jobs answers this brilliantly on a All Things Digital interview done some years ago.
5:47 If you think about it, the OSI seven-layer model included a “presentation” layer, between “transport” and “application”, that nobody could fit into the reality of TCP/IP very well. But SSL/TLS fills that layer very nicely.
we are actually using TLS to learn TLS
if you think about it
Same thing for tutorials about anything relating to technology though - JavaScript, html, databases, RF engineering, photolithography, power infrastructure, just to name a few
@@signalworks You could even say something similar when you learn anything. You are using something to learn how to use that thing
For example, you use math to learn how math works
@@h-0058 I think there's a slight difference between the use of the word "use" - building on basics to learn deeper concepts is one thing, but having the knowledge delivered to you by application of the knowledge itself is another.
Thank you for this video. Im a networking student and theres all sorts of little tidbits that professors miss (they only have so many hours for lectures). I'm truely grateful for this channel as a whole.
The world needs the part 2 of this video! Nicely done guys!
Dr Mike Pound is my favorite scientist on Computerphile. Also IMHO the best teacher in this domain on CZcams.
Ah, yes... the 90s. Great computer times. We had hubs instead of routers. Blasting all the data to all the port, hoping that only the intended recipient would actually grab it. Or token-ring networks, even worse. With the right tools, you could just grab all the data that was intended for other users in the network, like chats, visited websites, video stream. Fun times...
🤣 LOL ah fun times
Wireless networks work the same way though
The modern replacement for a hub would be a switch really, we still had routers back then and they serve a different purpose to a hub/switch.
@@GamingBlake2002 Yes but the data is all encrypted so "the right tools" includes getting the encryption key.
@@vinny142 But the application data may not necessarily be encrypted, and the encryption done by the router can be reversed, since you're also connected to the network and therefore have the key.
Another entertaining and educational Computerphile. Each academic has an interesting style and presentation, if Mike Pound is not just research-based but takes the odd class, It would be interesting to watch a vox pop from a cohort of his students to see if they enjoy his classes as much as I enjoy his presentation style. There could well be a whole documentary lurking in the background based on following the presenters over a semester. Their challenges of funding, hierarchy, student and staff interaction, the production of Computerphile, resources, and more. 👀
can't stress enough how mike's history lessons are the reason why we understand so much from him :-)
The "history lesson" in the first half was extremely helpful. I find it much easier to understand concepts and that they are much stickier in the memory with the story. thanks
Seeing the Netscape browser makes me so nostalgic! My first time using the internet at age 20 :)
Roll on the next video! What would I do without DR. Pound's knowledge and Sean's great questions - thanks guys :)
Keep getting back here for this, just gets better every iteration...
Great intro! Would love to see DTLS & TLS 1.3 covered in the future!
I suspect 2 or more videos after this, one or 2 going deeper into basically everything up to TLS1.2 and then a third which talks about all the new TLS1.3 stuff.
Bumping this comment because if I remember correctly the older versions of TLS have been deprecated nowadays
Only 1.3 should be used at this point,,,
Technically TCP layer packages its data in segments and the IP layer uses datagrams. Sometimes people get confused when the term packet gets used to represent things at the different layers.
Having been one of the original designers of the ISO 7 layer model - I find this fascinating (way back before it was known as the 7 layered model {middle/late 1970's}) . My - how far we've progressed! We had no idea that internet/ATM/streaming TV etc would eventually manifest from our ideas.
@@havetacitblue Hi, yep - it's just amazing how things have progressed. I still love IT and all it's weirdness. GEEKY BOYS RULE!
@@RARPoodlefaker I’ve been burned out multiple times since 1980. TLS and security in general have given me a new lease on life...Buggy though it all may be.
So you’re to blame!
Mike is always my favourite guest
Mike Pound is always a pleasure.
Loved the history lesson too! Thank you for bringing on the nostalgia. The Netscape N with a starry night was brilliant. I was waiting for a shooting star
I love the blue IE progress bar with the IP shown below.. bring back memories!!!
Dr Mike is awesome! Great explanation!
Looking forward to part 2. Side-note, the amount of times the OSI model is referenced but i dont think i ever saw a vid on it. I'd love an in-depth one on that.
honnest, hold a entire OSI model on a 20minutes format video isnt reallistic, 4-5videos maybe
@@playmaker4053 only talking about doing an overview. Wasn't suggesting going into detail about each protocol or anything. Anyone that knows the model well could easily talk about it for hours, but that doesn't mean you can't give a 20-minute overview to anyone that doesn't know it.
For each layer, here's the name, its overall purpose is this, here is a list of a few of the protocols at this layer. Even this approach might be helpful to newcomers and would only take a few minutes to list, leaving plenty of room to go into more detail where they want and leave room for padding with banter. 🤣
Takes me back to around 1984 when I developed, from scratch, a secure IT communication system for the London Metropolitan Police using the Open Systems Interconnection (OSI) 7 layer model, based on the "Blue Book" standard.
Love videos from Dr Mike!
I'm gonna need that handshake video.
These vids are great, and i give them to fledgling infosec people.
Well explained the history, I would love to watch him talking about POODLE, BEAST, BREACH, CRIME attacks on different versions of TLS/SSL.
It was Dr.Taher Elgamal the security researcher who lead the team for the development of SSL at Netscape. He is known as the “Father of SSL”.
I absolutely love Dr.Mike, have been codin' for more than 10 hours today and the sort of satisfaction I get from him explaining is unbelievable. Wish he had a CZcams channel
Great video and very useful with the history being explained first
This video is awesome. I've dealt with both SSL and TLS, even had to cherry pick ciphers for a reliable (safe) SSL, I figured there was some history behind this mess but didn't expect it to be so interesting :-) admittedly Mike makes everything interesting hahaha!
Mike: very, very clever.
Sean: Does it ever go wrong?
Mike: yes! All the time
14:12
Great video, I love Dr Mike Pound!
Very nice .. next video can you explain the low level details.. exchanges between client server and CAs public side ?
Anyone ever notice he uses the word "alright" as punctuation?
It's a teacher thing
Ilp start adding alright instead of punctuation in my text
It’s a Limey thing...or sniffing a la Billy Idol.
whoa, wait up. The video ended??!?!?!?! I was learning so much!!! Also, keep bringing the history lessons. Very helpful!!!
So well explained! Thanks!
Honestly, don’t apologise for the history lesson! I love them. From you Mike, from Prof Brailsford, it’s all great. The how-to can always come in a later vid (-:
Excellent explanation
The history lesson was quite important, in my opinion. So thanks for that.
Love it. Keep up with the good work! thanks!
Great educational video as usual 👍
I really enjoyed those 9.5 minutes of history lesson!
Could you do a video on STARTTLS/STLS and how it differs from normal TLS?
Better than a 2h lecture i had today.
You guys are awesome to say the least!
I love how the brown paper got upgraded
MS are still but wholes albeit in more subtle ways now. Thanks for reminding and/or educating on that topic 😉
Excellent video. NN and IE history was really interesting. Next video... Public Key Authentication process?
Well done. 👍
Simple enough for beginners. Just right.
This channel is super cool!
I vote for another video talking about the handshakes.
Please I can't wait for next video!!!!!!!
Wow this awesome man!
Rooooters? Lol this guy is my hero. I love the off the cuff history lesson and technical info simultaneously.
Thank you as always for wonderful content. I really wish I lived closer to your University so I could take classes in person (when the human malware is over). It's also nice to see another lefty. 👍😂
Love these videos, they're really informative and break things down nicely to be understandable. Please keep making them. However, why is the host Sean Riley dressed up as the Ready-Brek man!? 😁👍
Great to see what carries you away :D
Loved the history lesson in the beginning
This guy is the best !!
Can I request a topic? I'd love to see some videos about HTTP/3 and QUIC
A video about the weak implementation of the DeFi protocol in Harvest exploit would be interesting. The attacker used a padding oracle attack as I understood.
Excellent professor
This was timely - I'm using IISCrypto to harden some web servers all week. Thank you.
Can you comment on services that are using wildcard certs for encrypting, especially CDNs where this could create major inter-tenant security issues...
I do have question on how our udp works with tsl. Suppose we are having a video call on zoom, we are using udp for video and voice right? how are those communications secured?
Does anybody know what program Dr Pound is using to draw on his surface tablet?
I am watching my previous teacher’s CZcams video to prepare for my current job interview 😂
Dr. Pound was touched by the Hand of Midas for this one
This guy is awesome!
I see Mike, everything else stops.
No pen spins today, but I just noticed his very strange common P.
Da POUND, POUNDin it
how can hearthbleed extract ram of other programs? are they locked in virtual memory space?
Great content. May I recommend a lav lapel mic for Dr. Mike Pound? The room reverb was a tiny bit distracting
This is an abstract view of TLS. Waiting for the Next One
@Stay EZ My Friends Thanks Buddy
I wish this guy's my mentor.
A video on TLS handshaking would be interesting.
recently while using tor browser whenever any page in stack exchange i was opening , it was showing below tls handshake is performing. So i thought of finding out what is it, but forgot. Then suddenly it popped out when i was going through adder circuit lectures. I didn;\'t even say out loud the word tls. Is google now can even read thoughts, Anyway Great video..
the history lesson is awesome btw
It's an interesting coincidence that hash symbol (#) is also called a 'pound' and Dr. Pound is talking about cryptography :-)
Great video.
Who is this teacher? Does he do any online training or something ? Would love to be a student of his. His explanations are by far most constructive and most ear pleasing to hear.
Yes please make another video showing the handshakes etc :D
Does tls prevent eavesdropping when using proxies or vpns?
the history is certainly useful for understanding why the technology is as it is today.it's not just a nostalgia trip
I like the history lessons. No need to apologise for the history lessons!
I wanna hear Mike say "My name is Pound, Mike Pound"
Could someone please tell me what tablet is that and which software if you know about it?
What is the relationship between TLS and certificates?
Do you ~need~ certificates to make use of TLS or certificates are just a nice way to pass public keys around?
I'm pretty sure you need them. otherwise Man in the middle attacks are possible.
you don't need certificates, you can use pre-shared symmetric keys, then you use PSK key exchange or you can use raw keys, then you need to have some other way to know if you're getting the right key from the server or not
Certificates are a container for keys that are authenticated through a process called signing. They can be self-signed (usable but considered very dodgy) or they can be held by a certificates server (certificate authority, or CA) which is guaranteed to be an "Honest Ed" source, aka a _Root of Trust_ . Your browser holds a list of CA's to authenticate that the peer (eg. web server) is who it says it is.
This is my brief explanation of *a* certificate, it's a bit more complicated then that. also I am not guaranteeing that it's all in-line with actual TLS operations; I am basing the explanation on a similar system, CurveCP using the Curve25519 elliptical encryption. I believe it's close.
Cheers,
I believe that TLS requires a certificate as a single thing to transfer that includes both a key and proof that this is the right key. It doesn't require the standard PKI with the CAs like LetsEncrypt abd Verisign, though; the server can present any certificate that chains back to a certificate that the client trusts, and the client could have gotten that certificate in a variety of ways. For example, a chat client can contain the certificate that's expected to have signed the server certificate for the server the client will connect to.
Different configurations both require and don't require certificates. Older algorithms use public/private keypair to encrypt the transfer of the symmetrical keys that encrypt the data and so require one. Modern algorithms use Diffie-Hellman (and ECDHE) to agree a shared key without reference to the public key and so only use the certificate for authentication. Older protocol versions allowed a pre-shared key variants of the algorithms; these are not available in modern versions.
Bottom line; yes certificates are now required, however, they only have to be publicly notarised if you want the public to connect to your server.
How about NOISE protocol framework (used by Wireguard and Nebula and WhatsApp etc..). Lots of people writing apps and considering whether to integrate with TLS or DTLS or put together a few primitives for their own simple secure thing.
Since TLS in the latest version ... does it mean SSL has been deprecated ?
I know it's not used in web browsers, so much, but what about SSH for transport security. Very common in data transfer scenarios.
Hey does anyone know what pad hes using to write on?
Hey, I liked the history lesson!
So hypothetically, this concept can also be applied in other communication protocols like I2C, SPI or USB? For example, a company can provide authenticated USB flash drives with laptops to make sure only those can be used and other random drives won't be able to connect to the machines? 🤔
@Stay EZ My Friends thanks! didn't know about that. Something new! 😃👍
If you create or use a protocol that does what the layers under TLS do (TCP, IP, ETH) then yes, it'll work as a layer above that protocol. You can probably even reuse existing TLS implementations.
TLS is built on top of TCP/IP so it is probably not interchangeable to other protocols as is. the other protocols would require to be similar to TCP to work. But the biggest question is why would you want TLS in other protocols. specially USBs. USBs require a physical connection, so, you should know what you are connecting.
Also, TLS relies on certificates, which would make it hard for low level devices to carry around it's private certificate around
@Stay EZ My Friends Which part exactly?
@@superjugy yeah I didn't mean actual TLS as-is into the other ones. The reason someone would want authentication even for short physical connections remains the same. If I am replacing a battery pack in my car or color cartridge in my printer, I would be curious to know if those add-ons are authentic or not. Just an example.
4:37
SSL: Secure Socket Slayer
MIke Pound : The Richard Feynman of computer science
Can anyone help me understand if and why applications like video streaming needs TLS? Why pay that cost of encryption and decryption if the application is not secure sensitive
Any vid on SNI?