I like the way this guy talks and explains things, duno what it is. He obviously really knows his stuff to be able to explain it so well and simplify it enough for me to understand!😊 Thanks
To me it seems like he's explaining from a design perspective, that is "how the protocol addresses the problem", and has the knowledge to back it up. I think it's the correct level of abstraction to explain the problem clearly with only the important details.
I would be interested in a separate video about TLS 1.3 versus 1.2, especially related to Encrypted SNI (ESNI) and how if affects transparent proxies and other security tools
I am in rabbit hole, he said in every video "that's what we talk about last time" so I am looking for last video and again and again and again... HELP :D
I believe these are all of them, chronologically. LMK if I missed any. Apr 18, 2014 | Heartbleed, Running the Code Jul 22, 2014 | Public Key Cryptography Oct 23, 2015 | Man in the Middle Attacks & Superfish Mar 22, 2016 | Secure Web Browsing Mar 30, 2017 | End to End Encryption (E2EE) Apr 11, 2017 | SHA: Secure Hashing Algorithm Dec 15, 2017 | Secret Key Exchange (Diffie-Hellman) Dec 29, 2017 | Key Exchange Problems Jan 16, 2018 | Elliptic Curves Aug 14, 2019 | Almost All Web Encryption Works Like This (SP Networks) Nov 20, 2019 | One Encryption Standard to Rule Them All! Nov 22, 2019 | AES Explained (Advanced Encryption Standard) Oct 23, 2020 | Transport Layer Security (TLS)
@@WilliamAndrea Thank you so much. If a blank sheet of paper wants to learn this, would watching the series in release chronological order be appropriate?
It's very convenient that you created these videos just when I decided to start learning TLS. Very clear and easy to understand. Only bad thing is that the adverts come at rather annoying times.
Thank you for explaining with context and really breaking it down. It’s the context and bit of history on how something came to being is what makes things interesting. Thousand kudos.
New record for advert: 2:15. Two of them, of course, after two at the start. 2030: videos are now entirely adverts, no content. 2040: content is back, but only videos containing nothing but adverts are accepted
not even just product placement. It has to be full on "paid programming" level of advertisement. But wait, there's more! Comment today and we'll throw in this free sub to a channel you'll never watch again!
I think this video can serve as a sort of hub or strarting point for many Dr. Pound's videos, both existing and upcoming. Basically it lists in one string a lot of topics he covered, which is quite convenient.
@@Acorn_Anomaly dammit well what do I know. I have no practical experience with handshakes (yet). I only know how to reply at all because college courses LOL TBH, said inexperience is part of the reason I clicked this video... That and of course I was going to make the handshake joke if nobody had already
Client and Server: [does handshake things] Client and Server: "We done? Here's a transcript of what we just said, encrypted. We'll talk again under this encryption kthxbye. [they both check what they sent against what they received. They don't match] Client and Server: "..." (uhh I'm just gonna NOPE RIGHT TF OUT OF THIS ONE!) Attacker: "Aw shucks."
But it's still susceptible to MitM attacks that simply communicate with both in TLS, if you can't verify that the public key you get actually belongs to the party you thing you're speaking to. Which you can't for sure, unless you trust a CA or meet in person and compare keys.
Hey Guys! It would be great to see you guys doing the promised difference between TLS1.2 and 1.3. I really like your videos! They are great to understand the basics of computer science and I like to watch videos related to the toppics i have in my master course. Greetings from Germany!
+1 to that. I was looking for videos on it about a month back and wasn’t happy with any of them really. Happy to have Dr. Mike Pounder showing us how it’s done
@@lakshminarasimmanv Well, I know RU-vid creators often make their videos based around general internet search terms frequency as a way of being timely and catching wind from trends. I haven’t looked into what the RU-vid creator dashboard looks like these days, but I wonder if Google has an API that could easily display “People who watch Computerphile regularly have been searching for” stats.
MQTT is a service that provides detailed connection session storage. Since the same device connecting to the server can use the same connection states, so it can immediate resume receiving topics with retained information.
I'd love to see a video on ACME considering it's largely replaced most of how servers set up trust now. I understand pretty solidly how it all works (I help maintain the Caddy project) but I'm sure it would help for more of the public to understand how this all works. i.e. how the ACME challenges replace the legacy method of paying for certificates, etc.
Huh. The new TLS session after inactivity would definitely explain why tabs reload after I've been tabbed away from them for a while. Learn something new everyday!
that should not explain it. there's something else going on which triggers the reload. otherwise you would just look at the page as you loaded it last.
Hey @Computerphile great video and I always come back here to refresh my memory about how TLS works. Can you also do an extension video of this with mTLS? Thanks
Great video! I do have a question that has been bothering me for a while, though. Why are both RSA and ECDH used? The server sends the certificate, couldn't the client just encrypt a randomly generated AES key with the server's RSA public key, send it, and skip Diffie-Hellman?
@@leogama3422 True, however: - Both the client and the server only have to use it once per connection. - They are already using it anyway since the server signs stuff, and as far as I know, encrypting and signing are equivalent operations in RSA. The server currently signs doing PKCS#1, powering to 'd'. The client checks the signature powering to 'e'. This is equivalent to encryption, but in reverse order, isn't it?
To anyone that might read this, I just got it. The handshake I proposed is called "RSA key-exchange". Its problem is that it does not offer forward secrecy, so all previous traffic, if recorded, could be decrypted if the server's RSA key is compromised. ECDHE prevents this: previous communications will never be decrypted, even though future ones could.
I love your videos, your doodles could be better, but it is great to have a British expert on RU-vid. I have one picky comment on this video , and that is that you have not mentioned "Transport Layer Security". I just wonder if sometimes just explaining the acronym might help some people. I am in IT security and I know we use abbreviations and in-terms like words, it's only natural, but I think saying the whole word might help us sometimes. Thank you for your great work on this channel, your a fantastic team.
anyone else notice that the clip from at 8:40 says "obi one" rather than Obi Wan? surely someone had at least noticed it and commented on the previous video, even if no one (besides me) noticed today.
I did have to allow TLS1.2 explicitly on nodejs wss connection for Iphone because apparently it assumes that every browser in use can do 1.3 which is not the case for Iphones version 7 and lower
In Key exchange part, server sends the hash function of previous messages in digital signature which signed using private key and you say client verifies it using public key how this is shared to client?
The server sends its certificate to the client. The client then verifies the certificate and then extracts the server's public key from the certificate.
1:44 Is this video old? How does he still have that Sketchpad program available? A previous windows update has removed it for me? I only have this Whiteboard app now.
Can you do a video on the mathematical algorithms used in encryption? Euler, Extended Euclidean, matrices, multiplicative inverses, etc. There are a lot of college students who are looking for these videos and there are not that many and the videos available are not very well explained. I'm sure you will gain a lot of traffic if you do this.
Would you do a video on trying to detect tor over tlsv1.3 as the subject and issuer are now not known in the handshake. And to build on this in future iterations of tls1.3, if the server name is also not known.