Transport Layer Security (TLS) - Computerphile
HTML-код
- Опубликовано: 31 май 2024
- It's absolutely everywhere, but what is TLS and where did it come from? Dr Mike Pound explains the background behind this ubiquitous Internet security protocol.
Heartbleed, Running the Code: • Heartbleed, Running th...
Secure Web Browsing: • Secure Web Browsing - ...
Network Stacks & The Internet: • Network Stacks and the...
/ computerphile
/ computer_phile
This video was filmed and edited by Sean Riley.
Computer Science at the University of Nottingham: bit.ly/nottscomputer
Computerphile is a sister project to Brady Haran's Numberphile. More at www.bradyharan.com
I’m a simple man... I see Dr. Mike Pound, I click
Try that in real life
@Peter Lustig We're not gonna feed you here, buddy.
looks like Alice and Bob are in quarantine like the rest of us :)
@@AWES0MEDEFENDER it was actually the first one that got so much hype lol
Poor Alice and Bob, now they can't communicate with each other.
@@realshaoran4514 Oh they still can, if they yell really really loud in their room just like my actual neighbors. The only problem is my neighbors knows nothing about TLS.
i dont mean to be so offtopic but does anybody know a tool to log back into an Instagram account??
I stupidly forgot the login password. I would love any tips you can give me
@Iker Alfonso instablaster :)
Mike is my favorite expert on Computerphile. The way he explains things about security is very clear, but also has some useful historical facts.
This is a very engaging way of teaching.
that's the trait of the smartest and impassioned teachers. They're able to get your attention with the toughest topics.
Please do a video on Macromedia Flash - How it worked, how it affected Internet culture and why it's being deprecated.
Great Idea!
It started as an alternative (replacement) to gif and as such it had actual frames (12 frames at 12fps would be 1s in length) which were loaded progressively. This means that once actionscript was introduced you could execute the code (show preloaders; play sounds, animations, ..) before the app was fully loaded(!) - that's one of the things i loved about flash and still miss in today's tech. Instead of hundreds of requests that we do today, there were only a few in flash - webassembly might change that.
I think Microsoft announced that they have permanently removed flash with the latest version of Win10/
@@RichardBuckerCodes Their built-in version, anyway, that I believe was used for Edge. You can still install it yourself, if you want to for some reason.
Google will be removing Flash from Chrome in December.
It was deprecated because browsers started to support video natively with HTML5. Steve Jobs answers this brilliantly on a All Things Digital interview done some years ago.
we are actually using TLS to learn TLS
if you think about it
Same thing for tutorials about anything relating to technology though - JavaScript, html, databases, RF engineering, photolithography, power infrastructure, just to name a few
@@signalworks You could even say something similar when you learn anything. You are using something to learn how to use that thing
For example, you use math to learn how math works
@@h-0058 I think there's a slight difference between the use of the word "use" - building on basics to learn deeper concepts is one thing, but having the knowledge delivered to you by application of the knowledge itself is another.
5:47 If you think about it, the OSI seven-layer model included a “presentation” layer, between “transport” and “application”, that nobody could fit into the reality of TCP/IP very well. But SSL/TLS fills that layer very nicely.
Ah, yes... the 90s. Great computer times. We had hubs instead of routers. Blasting all the data to all the port, hoping that only the intended recipient would actually grab it. Or token-ring networks, even worse. With the right tools, you could just grab all the data that was intended for other users in the network, like chats, visited websites, video stream. Fun times...
🤣 LOL ah fun times
Wireless networks work the same way though
The modern replacement for a hub would be a switch really, we still had routers back then and they serve a different purpose to a hub/switch.
@@GamingBlake2002 Yes but the data is all encrypted so "the right tools" includes getting the encryption key.
@@vinny142 But the application data may not necessarily be encrypted, and the encryption done by the router can be reversed, since you're also connected to the network and therefore have the key.
Dr Mike Pound is my favorite scientist on Computerphile. Also IMHO the best teacher in this domain on RUclips.
Thank you for this video. Im a networking student and theres all sorts of little tidbits that professors miss (they only have so many hours for lectures). I'm truely grateful for this channel as a whole.
Anyone ever notice he uses the word "alright" as punctuation?
It's a teacher thing
Ilp start adding alright instead of punctuation in my text
It’s a Limey thing...or sniffing a la Billy Idol.
The world needs the part 2 of this video! Nicely done guys!
Seeing the Netscape browser makes me so nostalgic! My first time using the internet at age 20 :)
Another entertaining and educational Computerphile. Each academic has an interesting style and presentation, if Mike Pound is not just research-based but takes the odd class, It would be interesting to watch a vox pop from a cohort of his students to see if they enjoy his classes as much as I enjoy his presentation style. There could well be a whole documentary lurking in the background based on following the presenters over a semester. Their challenges of funding, hierarchy, student and staff interaction, the production of Computerphile, resources, and more. 👀
The "history lesson" in the first half was extremely helpful. I find it much easier to understand concepts and that they are much stickier in the memory with the story. thanks
Having been one of the original designers of the ISO 7 layer model - I find this fascinating (way back before it was known as the 7 layered model {middle/late 1970's}) . My - how far we've progressed! We had no idea that internet/ATM/streaming TV etc would eventually manifest from our ideas.
@@havetacitblue Hi, yep - it's just amazing how things have progressed. I still love IT and all it's weirdness. GEEKY BOYS RULE!
@@RARPoodlefaker I’ve been burned out multiple times since 1980. TLS and security in general have given me a new lease on life...Buggy though it all may be.
So you’re to blame!
Technically TCP layer packages its data in segments and the IP layer uses datagrams. Sometimes people get confused when the term packet gets used to represent things at the different layers.
Roll on the next video! What would I do without DR. Pound's knowledge and Sean's great questions - thanks guys :)
can't stress enough how mike's history lessons are the reason why we understand so much from him :-)
Keep getting back here for this, just gets better every iteration...
Great intro! Would love to see DTLS & TLS 1.3 covered in the future!
I suspect 2 or more videos after this, one or 2 going deeper into basically everything up to TLS1.2 and then a third which talks about all the new TLS1.3 stuff.
Bumping this comment because if I remember correctly the older versions of TLS have been deprecated nowadays
Only 1.3 should be used at this point,,,
Mike is always my favourite guest
Loved the history lesson too! Thank you for bringing on the nostalgia. The Netscape N with a starry night was brilliant. I was waiting for a shooting star
Takes me back to around 1984 when I developed, from scratch, a secure IT communication system for the London Metropolitan Police using the Open Systems Interconnection (OSI) 7 layer model, based on the "Blue Book" standard.
I love the blue IE progress bar with the IP shown below.. bring back memories!!!
Mike Pound is always a pleasure.
Mike: very, very clever.
Sean: Does it ever go wrong?
Mike: yes! All the time
14:12
It was Dr.Taher Elgamal the security researcher who lead the team for the development of SSL at Netscape. He is known as the “Father of SSL”.
Looking forward to part 2. Side-note, the amount of times the OSI model is referenced but i dont think i ever saw a vid on it. I'd love an in-depth one on that.
honnest, hold a entire OSI model on a 20minutes format video isnt reallistic, 4-5videos maybe
@@playmaker4053 only talking about doing an overview. Wasn't suggesting going into detail about each protocol or anything. Anyone that knows the model well could easily talk about it for hours, but that doesn't mean you can't give a 20-minute overview to anyone that doesn't know it.
For each layer, here's the name, its overall purpose is this, here is a list of a few of the protocols at this layer. Even this approach might be helpful to newcomers and would only take a few minutes to list, leaving plenty of room to go into more detail where they want and leave room for padding with banter. 🤣
I'm gonna need that handshake video.
These vids are great, and i give them to fledgling infosec people.
Love videos from Dr Mike!
I see Mike, everything else stops.
No pen spins today, but I just noticed his very strange common P.
Da POUND, POUNDin it
Well explained the history, I would love to watch him talking about POODLE, BEAST, BREACH, CRIME attacks on different versions of TLS/SSL.
I absolutely love Dr.Mike, have been codin' for more than 10 hours today and the sort of satisfaction I get from him explaining is unbelievable. Wish he had a RUclips channel
whoa, wait up. The video ended??!?!?!?! I was learning so much!!! Also, keep bringing the history lessons. Very helpful!!!
This video is awesome. I've dealt with both SSL and TLS, even had to cherry pick ciphers for a reliable (safe) SSL, I figured there was some history behind this mess but didn't expect it to be so interesting :-) admittedly Mike makes everything interesting hahaha!
Honestly, don’t apologise for the history lesson! I love them. From you Mike, from Prof Brailsford, it’s all great. The how-to can always come in a later vid (-:
Dr Mike is awesome! Great explanation!
I vote for another video talking about the handshakes.
Great video and very useful with the history being explained first
Does anybody know what program Dr Pound is using to draw on his surface tablet?
I do have question on how our udp works with tsl. Suppose we are having a video call on zoom, we are using udp for video and voice right? how are those communications secured?
Great educational video as usual 👍
Great video, I love Dr Mike Pound!
Excellent explanation
Excellent video. NN and IE history was really interesting. Next video... Public Key Authentication process?
You guys are awesome to say the least!
So well explained! Thanks!
Rooooters? Lol this guy is my hero. I love the off the cuff history lesson and technical info simultaneously.
Very nice .. next video can you explain the low level details.. exchanges between client server and CAs public side ?
I really enjoyed those 9.5 minutes of history lesson!
This channel is super cool!
Love it. Keep up with the good work! thanks!
Could you do a video on STARTTLS/STLS and how it differs from normal TLS?
Could someone please tell me what tablet is that and which software if you know about it?
I am watching my previous teacher’s RUclips video to prepare for my current job interview 😂
Who is this teacher? Does he do any online training or something ? Would love to be a student of his. His explanations are by far most constructive and most ear pleasing to hear.
how can hearthbleed extract ram of other programs? are they locked in virtual memory space?
Thank you as always for wonderful content. I really wish I lived closer to your University so I could take classes in person (when the human malware is over). It's also nice to see another lefty. 👍😂
Love these videos, they're really informative and break things down nicely to be understandable. Please keep making them. However, why is the host Sean Riley dressed up as the Ready-Brek man!? 😁👍
Better than a 2h lecture i had today.
I wanna hear Mike say "My name is Pound, Mike Pound"
The history lesson was quite important, in my opinion. So thanks for that.
Please I can't wait for next video!!!!!!!
MS are still but wholes albeit in more subtle ways now. Thanks for reminding and/or educating on that topic 😉
Well done. 👍
Simple enough for beginners. Just right.
Excellent professor
A video about the weak implementation of the DeFi protocol in Harvest exploit would be interesting. The attacker used a padding oracle attack as I understood.
Wow this awesome man!
Great to see what carries you away :D
Does tls prevent eavesdropping when using proxies or vpns?
Great video.
Hey does anyone know what pad hes using to write on?
I love how the brown paper got upgraded
Can anyone help me understand if and why applications like video streaming needs TLS? Why pay that cost of encryption and decryption if the application is not secure sensitive
Loved the history lesson in the beginning
A video on TLS handshaking would be interesting.
Great content. May I recommend a lav lapel mic for Dr. Mike Pound? The room reverb was a tiny bit distracting
This guy is the best !!
Can you comment on services that are using wildcard certs for encrypting, especially CDNs where this could create major inter-tenant security issues...
It's an interesting coincidence that hash symbol (#) is also called a 'pound' and Dr. Pound is talking about cryptography :-)
Can I request a topic? I'd love to see some videos about HTTP/3 and QUIC
Am I more drunk than expected, or is the background shifting colors, especially towards the end of the video?
Yes Mike's camera is on auto white balance and the sun kept coming out changing the brightness & colour temperature - hth -Sean
Dr. Pound was touched by the Hand of Midas for this one
This was timely - I'm using IISCrypto to harden some web servers all week. Thank you.
Since TLS in the latest version ... does it mean SSL has been deprecated ?
This guy is awesome!
I know it's not used in web browsers, so much, but what about SSH for transport security. Very common in data transfer scenarios.
What is the relationship between TLS and certificates?
Do you ~need~ certificates to make use of TLS or certificates are just a nice way to pass public keys around?
I'm pretty sure you need them. otherwise Man in the middle attacks are possible.
you don't need certificates, you can use pre-shared symmetric keys, then you use PSK key exchange or you can use raw keys, then you need to have some other way to know if you're getting the right key from the server or not
Certificates are a container for keys that are authenticated through a process called signing. They can be self-signed (usable but considered very dodgy) or they can be held by a certificates server (certificate authority, or CA) which is guaranteed to be an "Honest Ed" source, aka a _Root of Trust_ . Your browser holds a list of CA's to authenticate that the peer (eg. web server) is who it says it is.
This is my brief explanation of *a* certificate, it's a bit more complicated then that. also I am not guaranteeing that it's all in-line with actual TLS operations; I am basing the explanation on a similar system, CurveCP using the Curve25519 elliptical encryption. I believe it's close.
Cheers,
I believe that TLS requires a certificate as a single thing to transfer that includes both a key and proof that this is the right key. It doesn't require the standard PKI with the CAs like LetsEncrypt abd Verisign, though; the server can present any certificate that chains back to a certificate that the client trusts, and the client could have gotten that certificate in a variety of ways. For example, a chat client can contain the certificate that's expected to have signed the server certificate for the server the client will connect to.
Different configurations both require and don't require certificates. Older algorithms use public/private keypair to encrypt the transfer of the symmetrical keys that encrypt the data and so require one. Modern algorithms use Diffie-Hellman (and ECDHE) to agree a shared key without reference to the public key and so only use the certificate for authentication. Older protocol versions allowed a pre-shared key variants of the algorithms; these are not available in modern versions.
Bottom line; yes certificates are now required, however, they only have to be publicly notarised if you want the public to connect to your server.
Any vid on SNI?
I like the history lessons. No need to apologise for the history lessons!
Yes please make another video showing the handshakes etc :D
What odd timing. Just last week I was having a problem where everything that used TLS, notably RUclips, was extremely slow while anything that didn't, notably games, worked perfectly fine. After much work, I was able to narrow the problem down to TLS but nothing I did fixed it. And yes, I tried everything that should've fixed it. In the end, it seems to have fixed itself and I suspect it was an ISP problem... Oh, well, I learned quite a bit about how networking works and changed to a better browser...
This is an abstract view of TLS. Waiting for the Next One
@Stay EZ My Friends Thanks Buddy
9:33 THAT'S A DISCORD NOTIFICATION BEEP ! So you're using Zoom, Teams, and Discord ? Interesting
6:52 you don't need to patent something to stop others from doing so. You just release it into the public domain, automatically preventing any future patents.
I was enjoying the history lesson!
So hypothetically, this concept can also be applied in other communication protocols like I2C, SPI or USB? For example, a company can provide authenticated USB flash drives with laptops to make sure only those can be used and other random drives won't be able to connect to the machines? 🤔
@Stay EZ My Friends thanks! didn't know about that. Something new! 😃👍
If you create or use a protocol that does what the layers under TLS do (TCP, IP, ETH) then yes, it'll work as a layer above that protocol. You can probably even reuse existing TLS implementations.
TLS is built on top of TCP/IP so it is probably not interchangeable to other protocols as is. the other protocols would require to be similar to TCP to work. But the biggest question is why would you want TLS in other protocols. specially USBs. USBs require a physical connection, so, you should know what you are connecting.
Also, TLS relies on certificates, which would make it hard for low level devices to carry around it's private certificate around
@Stay EZ My Friends Which part exactly?
@@superjugy yeah I didn't mean actual TLS as-is into the other ones. The reason someone would want authentication even for short physical connections remains the same. If I am replacing a battery pack in my car or color cartridge in my printer, I would be curious to know if those add-ons are authentic or not. Just an example.
Hey, I liked the history lesson!
MIke Pound : The Richard Feynman of computer science
the history lesson is awesome btw