The speed is perfect for non-native English speakers like me... and I think Mr. Sunny has this in mind... and this is why he always provides subtitles. Thank you, Mr. Sunny.
Great Job Sunny!! I can't believe how many videos I had to watch until someone actually explained this concept. Every other video was a complete waste of time. I really enjoyed the clear details and breakdown of the process.
Very detailed explanation! Thank you for the video. On step 2, the server's digital certificate IS the server's public key, signed by the CA. It brings a lot of confusion to a lot of people not being told clearly that a certificate is just a public key whose ownership has been certified by a CA. So you can basically say that the certificate is what is used to encrypt the client key, once the CA signing it has been verified.
Comment deserves to be pinned to the top. I was wondering why a man in the middle couldn't just eavesdrop and replace the server public key with its own. Now it makes sense.
Clear; Concise; Comprehensible! Well Done and Thank You for breaking the SSL/TLS high-level essentials down so amicably. Will check out your other Classroom topics. Keep it going!
I prefer to think of the public key as a portable safe and the private key as the key for the portable safe. Bob wants to send a message to Jane. Bob asks for Jane's portable safe. Jane gives Bob her portable safe but keeps the key. Bob puts the message in Jane's safe, shuts the door, then sends the portable safe back to Jane. Jane uses her key to open the safe and read Bob's message. The (private) key never leaves Jane's house, only the portable safe does. The safe is pretty heavy so you don't want to do it every time. So you only do it once at the start, to share a secret cipher to encrypt all subsequent messages.
@5gun1 Thanks, glad it helped! I always thought the idea of a key unlocking another key was weird, so the idea of a key unlocking a safe just made more sense to me!
It wasn't until I stumbled upon your channel that these things became clear to me. For years I have not been able to understand how certificates, digital signatures, SSL, HTTPS and the like work. Too many videos and articles go into details with missing pieces at the high level or do not explain the how at all. Now that I understand it, I can see how horrible many of these materials are at explaining things. Thank you so much. Now I can read other detailed articles with much more clarity. Thanks again!
Thank you very much for explaining in a way that is easy to understand. Watched several videos before this and it was still confusing. Glad that I came across your video. Thank you for your contributions.
Very helpful and useful, especially for people like me who want to recall the concept of trust, digital certs., SSL/TLS handshake and PKI. Thank you so much, Mr. Sunny.
Thank you so much, Sunny. I am taking a network security class and your videos are helping me to learn more and helping me get a good grade on my exams. Once again, thanks a lot. God bless you.
It's a great explanation. Nowadays, in a lot of places, people are using mutual TLS. Can you please make a video on mutual TLS? What are the key differences from the normal TLS handshake? Lots of respect from India.
It is good to point out that it is not necessarily needed to have a CA (Root of trust). You can implement a web of trust infrastructure and the SSL/TLS handshake will still work.
Thank you, sir, for a great video. I am learning this and am in the early days. I come from a network background, so dealing with SSL/TLS is a new thing for me. All the best and thanks again. Jim
Hi Sunny. Does the Diffie-Hellman algorithm play any role during the ClientKeyExchange? Since the secret key will be encrypted with the server's public key, I assume there is no need for this algorithm. But when I check with Wireshark, I see a packet sent by the client (Encrypted Handshake Message), with prepared content (by Wireshark) talking about "EC Diffie-Hellman Client Params". This confuses me.
3:35 Clients don't contact the CA (i.e. over the network). Clients like web browsers come with CA public keys bundled. They use those to verify the server's certificate.
Your concise explanation is excellent, Sunny. I would appreciate it if you put out another video specifically on TLS 1.3, its features of zero or one round trip and the use of certificates with this version. Thanks.