Transport Layer Security (TLS) - Computerphile
ฝัง
- เผยแพร่เมื่อ 14 พ.ค. 2024
- It's absolutely everywhere, but what is TLS and where did it come from? Dr Mike Pound explains the background behind this ubiquitous Internet security protocol.
Heartbleed, Running the Code: • Heartbleed, Running th...
Secure Web Browsing: • Secure Web Browsing - ...
Network Stacks & The Internet: • Network Stacks and the...
/ computerphile
/ computer_phile
This video was filmed and edited by Sean Riley.
Computer Science at the University of Nottingham: bit.ly/nottscomputer
Computerphile is a sister project to Brady Haran's Numberphile. More at www.bradyharan.com
![BOWKYLION - ส่วนต่าง (do it without me) [Official MV]](http://i.ytimg.com/vi/7x-pwcMopzE/mqdefault.jpg)
I’m a simple man... I see Dr. Mike Pound, I click
Try that in real life
@Peter Lustig We're not gonna feed you here, buddy.
Mike is my favorite expert on Computerphile. The way he explains things about security is very clear, but also has some useful historical facts.
This is a very engaging way of teaching.
that's the trait of the smartest and impassioned teachers. They're able to get your attention with the toughest topics.
looks like Alice and Bob are in quarantine like the rest of us :)
@@AWES0MEDEFENDER it was actually the first one that got so much hype lol
Poor Alice and Bob, now they can't communicate with each other.
@@realshaoran4514 Oh they still can, if they yell really really loud in their room just like my actual neighbors. The only problem is my neighbors knows nothing about TLS.
i dont mean to be so offtopic but does anybody know a tool to log back into an Instagram account??
I stupidly forgot the login password. I would love any tips you can give me
@Iker Alfonso instablaster :)
Please do a video on Macromedia Flash - How it worked, how it affected Internet culture and why it's being deprecated.
Great Idea!
It started as an alternative (replacement) to gif and as such it had actual frames (12 frames at 12fps would be 1s in length) which were loaded progressively. This means that once actionscript was introduced you could execute the code (show preloaders; play sounds, animations, ..) before the app was fully loaded(!) - that's one of the things i loved about flash and still miss in today's tech. Instead of hundreds of requests that we do today, there were only a few in flash - webassembly might change that.
I think Microsoft announced that they have permanently removed flash with the latest version of Win10/
@@RichardBuckerCodes Their built-in version, anyway, that I believe was used for Edge. You can still install it yourself, if you want to for some reason.
Google will be removing Flash from Chrome in December.
It was deprecated because browsers started to support video natively with HTML5. Steve Jobs answers this brilliantly on a All Things Digital interview done some years ago.
5:47 If you think about it, the OSI seven-layer model included a “presentation” layer, between “transport” and “application”, that nobody could fit into the reality of TCP/IP very well. But SSL/TLS fills that layer very nicely.
Thank you for this video. Im a networking student and theres all sorts of little tidbits that professors miss (they only have so many hours for lectures). I'm truely grateful for this channel as a whole.
we are actually using TLS to learn TLS
if you think about it
Same thing for tutorials about anything relating to technology though - JavaScript, html, databases, RF engineering, photolithography, power infrastructure, just to name a few
@@signalworks You could even say something similar when you learn anything. You are using something to learn how to use that thing
For example, you use math to learn how math works
@@h-0058 I think there's a slight difference between the use of the word "use" - building on basics to learn deeper concepts is one thing, but having the knowledge delivered to you by application of the knowledge itself is another.
The world needs the part 2 of this video! Nicely done guys!
Roll on the next video! What would I do without DR. Pound's knowledge and Sean's great questions - thanks guys :)
Another entertaining and educational Computerphile. Each academic has an interesting style and presentation, if Mike Pound is not just research-based but takes the odd class, It would be interesting to watch a vox pop from a cohort of his students to see if they enjoy his classes as much as I enjoy his presentation style. There could well be a whole documentary lurking in the background based on following the presenters over a semester. Their challenges of funding, hierarchy, student and staff interaction, the production of Computerphile, resources, and more. 👀
Dr Mike Pound is my favorite scientist on Computerphile. Also IMHO the best teacher in this domain on TH-cam.
Ah, yes... the 90s. Great computer times. We had hubs instead of routers. Blasting all the data to all the port, hoping that only the intended recipient would actually grab it. Or token-ring networks, even worse. With the right tools, you could just grab all the data that was intended for other users in the network, like chats, visited websites, video stream. Fun times...
🤣 LOL ah fun times
Wireless networks work the same way though
The modern replacement for a hub would be a switch really, we still had routers back then and they serve a different purpose to a hub/switch.
@@GamingBlake2002 Yes but the data is all encrypted so "the right tools" includes getting the encryption key.
@@vinny142 But the application data may not necessarily be encrypted, and the encryption done by the router can be reversed, since you're also connected to the network and therefore have the key.
The "history lesson" in the first half was extremely helpful. I find it much easier to understand concepts and that they are much stickier in the memory with the story. thanks
can't stress enough how mike's history lessons are the reason why we understand so much from him :-)
Seeing the Netscape browser makes me so nostalgic! My first time using the internet at age 20 :)
Keep getting back here for this, just gets better every iteration...
Loved the history lesson too! Thank you for bringing on the nostalgia. The Netscape N with a starry night was brilliant. I was waiting for a shooting star
Having been one of the original designers of the ISO 7 layer model - I find this fascinating (way back before it was known as the 7 layered model {middle/late 1970's}) . My - how far we've progressed! We had no idea that internet/ATM/streaming TV etc would eventually manifest from our ideas.
@@havetacitblue Hi, yep - it's just amazing how things have progressed. I still love IT and all it's weirdness. GEEKY BOYS RULE!
@@RARPoodlefaker I’ve been burned out multiple times since 1980. TLS and security in general have given me a new lease on life...Buggy though it all may be.
So you’re to blame!
Technically TCP layer packages its data in segments and the IP layer uses datagrams. Sometimes people get confused when the term packet gets used to represent things at the different layers.
Great intro! Would love to see DTLS & TLS 1.3 covered in the future!
I suspect 2 or more videos after this, one or 2 going deeper into basically everything up to TLS1.2 and then a third which talks about all the new TLS1.3 stuff.
Bumping this comment because if I remember correctly the older versions of TLS have been deprecated nowadays
Only 1.3 should be used at this point,,,
I love the blue IE progress bar with the IP shown below.. bring back memories!!!
Mike Pound is always a pleasure.
Mike is always my favourite guest
Takes me back to around 1984 when I developed, from scratch, a secure IT communication system for the London Metropolitan Police using the Open Systems Interconnection (OSI) 7 layer model, based on the "Blue Book" standard.
This video is awesome. I've dealt with both SSL and TLS, even had to cherry pick ciphers for a reliable (safe) SSL, I figured there was some history behind this mess but didn't expect it to be so interesting :-) admittedly Mike makes everything interesting hahaha!
I'm gonna need that handshake video.
These vids are great, and i give them to fledgling infosec people.
Well explained the history, I would love to watch him talking about POODLE, BEAST, BREACH, CRIME attacks on different versions of TLS/SSL.
whoa, wait up. The video ended??!?!?!?! I was learning so much!!! Also, keep bringing the history lessons. Very helpful!!!
Dr Mike is awesome! Great explanation!
Love videos from Dr Mike!
Honestly, don’t apologise for the history lesson! I love them. From you Mike, from Prof Brailsford, it’s all great. The how-to can always come in a later vid (-:
Mike: very, very clever.
Sean: Does it ever go wrong?
Mike: yes! All the time
14:12
Looking forward to part 2. Side-note, the amount of times the OSI model is referenced but i dont think i ever saw a vid on it. I'd love an in-depth one on that.
honnest, hold a entire OSI model on a 20minutes format video isnt reallistic, 4-5videos maybe
@@playmaker4053 only talking about doing an overview. Wasn't suggesting going into detail about each protocol or anything. Anyone that knows the model well could easily talk about it for hours, but that doesn't mean you can't give a 20-minute overview to anyone that doesn't know it.
For each layer, here's the name, its overall purpose is this, here is a list of a few of the protocols at this layer. Even this approach might be helpful to newcomers and would only take a few minutes to list, leaving plenty of room to go into more detail where they want and leave room for padding with banter. 🤣
Great video and very useful with the history being explained first
Great video, I love Dr Mike Pound!
I absolutely love Dr.Mike, have been codin' for more than 10 hours today and the sort of satisfaction I get from him explaining is unbelievable. Wish he had a TH-cam channel
Anyone ever notice he uses the word "alright" as punctuation?
It's a teacher thing
Ilp start adding alright instead of punctuation in my text
It’s a Limey thing...or sniffing a la Billy Idol.
Love these videos, they're really informative and break things down nicely to be understandable. Please keep making them. However, why is the host Sean Riley dressed up as the Ready-Brek man!? 😁👍
Great educational video as usual 👍
Excellent video. NN and IE history was really interesting. Next video... Public Key Authentication process?
It was Dr.Taher Elgamal the security researcher who lead the team for the development of SSL at Netscape. He is known as the “Father of SSL”.
Thank you as always for wonderful content. I really wish I lived closer to your University so I could take classes in person (when the human malware is over). It's also nice to see another lefty. 👍😂
Love it. Keep up with the good work! thanks!
The history lesson was quite important, in my opinion. So thanks for that.
Very nice .. next video can you explain the low level details.. exchanges between client server and CAs public side ?
You guys are awesome to say the least!
So well explained! Thanks!
Rooooters? Lol this guy is my hero. I love the off the cuff history lesson and technical info simultaneously.
MS are still but wholes albeit in more subtle ways now. Thanks for reminding and/or educating on that topic 😉
Better than a 2h lecture i had today.
I really enjoyed those 9.5 minutes of history lesson!
This channel is super cool!
Well done. 👍
Simple enough for beginners. Just right.
Excellent explanation
Could you do a video on STARTTLS/STLS and how it differs from normal TLS?
I vote for another video talking about the handshakes.
A video about the weak implementation of the DeFi protocol in Harvest exploit would be interesting. The attacker used a padding oracle attack as I understood.
Loved the history lesson in the beginning
Wow this awesome man!
Great to see what carries you away :D
Please I can't wait for next video!!!!!!!
I love how the brown paper got upgraded
I see Mike, everything else stops.
No pen spins today, but I just noticed his very strange common P.
Da POUND, POUNDin it
Yes please make another video showing the handshakes etc :D
Who is this teacher? Does he do any online training or something ? Would love to be a student of his. His explanations are by far most constructive and most ear pleasing to hear.
I am watching my previous teacher’s TH-cam video to prepare for my current job interview 😂
Excellent professor
A video on TLS handshaking would be interesting.
Great video.
This was timely - I'm using IISCrypto to harden some web servers all week. Thank you.
Dr. Pound was touched by the Hand of Midas for this one
It's an interesting coincidence that hash symbol (#) is also called a 'pound' and Dr. Pound is talking about cryptography :-)
This guy is the best !!
This is an abstract view of TLS. Waiting for the Next One
@Stay EZ My Friends Thanks Buddy
Can you comment on services that are using wildcard certs for encrypting, especially CDNs where this could create major inter-tenant security issues...
Does anybody know what program Dr Pound is using to draw on his surface tablet?
I wanna hear Mike say "My name is Pound, Mike Pound"
I do have question on how our udp works with tsl. Suppose we are having a video call on zoom, we are using udp for video and voice right? how are those communications secured?
Great content. May I recommend a lav lapel mic for Dr. Mike Pound? The room reverb was a tiny bit distracting
This guy is awesome!
Can I request a topic? I'd love to see some videos about HTTP/3 and QUIC
I like the history lessons. No need to apologise for the history lessons!
9:33 THAT'S A DISCORD NOTIFICATION BEEP ! So you're using Zoom, Teams, and Discord ? Interesting
how can hearthbleed extract ram of other programs? are they locked in virtual memory space?
What odd timing. Just last week I was having a problem where everything that used TLS, notably TH-cam, was extremely slow while anything that didn't, notably games, worked perfectly fine. After much work, I was able to narrow the problem down to TLS but nothing I did fixed it. And yes, I tried everything that should've fixed it. In the end, it seems to have fixed itself and I suspect it was an ISP problem... Oh, well, I learned quite a bit about how networking works and changed to a better browser...
Hey, I liked the history lesson!
I was enjoying the history lesson!
I wish this guy's my mentor.
the history lesson is awesome btw
the history is certainly useful for understanding why the technology is as it is today.it's not just a nostalgia trip
6:52 you don't need to patent something to stop others from doing so. You just release it into the public domain, automatically preventing any future patents.
Does tls prevent eavesdropping when using proxies or vpns?
recently while using tor browser whenever any page in stack exchange i was opening , it was showing below tls handshake is performing. So i thought of finding out what is it, but forgot. Then suddenly it popped out when i was going through adder circuit lectures. I didn;\'t even say out loud the word tls. Is google now can even read thoughts, Anyway Great video..
13:29 Good question!
It's a standardization to decide which standardization to use between two.
MIke Pound : The Richard Feynman of computer science
Am I more drunk than expected, or is the background shifting colors, especially towards the end of the video?
Yes Mike's camera is on auto white balance and the sun kept coming out changing the brightness & colour temperature - hth -Sean
MORE MIKE POUND
What is the relationship between TLS and certificates?
Do you ~need~ certificates to make use of TLS or certificates are just a nice way to pass public keys around?
I'm pretty sure you need them. otherwise Man in the middle attacks are possible.
you don't need certificates, you can use pre-shared symmetric keys, then you use PSK key exchange or you can use raw keys, then you need to have some other way to know if you're getting the right key from the server or not
Certificates are a container for keys that are authenticated through a process called signing. They can be self-signed (usable but considered very dodgy) or they can be held by a certificates server (certificate authority, or CA) which is guaranteed to be an "Honest Ed" source, aka a _Root of Trust_ . Your browser holds a list of CA's to authenticate that the peer (eg. web server) is who it says it is.
This is my brief explanation of *a* certificate, it's a bit more complicated then that. also I am not guaranteeing that it's all in-line with actual TLS operations; I am basing the explanation on a similar system, CurveCP using the Curve25519 elliptical encryption. I believe it's close.
Cheers,
I believe that TLS requires a certificate as a single thing to transfer that includes both a key and proof that this is the right key. It doesn't require the standard PKI with the CAs like LetsEncrypt abd Verisign, though; the server can present any certificate that chains back to a certificate that the client trusts, and the client could have gotten that certificate in a variety of ways. For example, a chat client can contain the certificate that's expected to have signed the server certificate for the server the client will connect to.
Different configurations both require and don't require certificates. Older algorithms use public/private keypair to encrypt the transfer of the symmetrical keys that encrypt the data and so require one. Modern algorithms use Diffie-Hellman (and ECDHE) to agree a shared key without reference to the public key and so only use the certificate for authentication. Older protocol versions allowed a pre-shared key variants of the algorithms; these are not available in modern versions.
Bottom line; yes certificates are now required, however, they only have to be publicly notarised if you want the public to connect to your server.
Could someone please tell me what tablet is that and which software if you know about it?