at 6:40 the authentication is right but then the flow diagram at 7:18 shows conversation between the two devices and the Certificate Authories, which isn't needed to be a real-time communication. The validation of the cert is primarily completed computationally... the assurance of the certificate is augmented by checking a CRL with an external party using OCSP... but one can configure that either way. Use very short period certs and avoid running a CRL/OCSP like Lets Encrypt wants everyone to do
This talk was very useful to me, thank you for the upload.
at 6:40 the authentication is right but then the flow diagram at 7:18 shows conversation between the two devices and the Certificate Authories, which isn't needed to be a real-time communication. The validation of the cert is primarily completed computationally... the assurance of the certificate is augmented by checking a CRL with an external party using OCSP... but one can configure that either way. Use very short period certs and avoid running a CRL/OCSP like Lets Encrypt wants everyone to do
This is for NGINX Plus ... misleading title ... :-(
You missed a LOT of cast of characters. Alice and Bob even have their own Wikipedia page.