ward/ssl-talk
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

bigger signing pictures

Browse source
This commit is contained in:
Ward Wouts 2020-02-25 14:52:35 +01:00
parent c424816f42
commit d32087ec25
1 changed files with 6 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

10
index.html
View file

@ -189,14 +189,15 @@ layout: false
SSL/TLS historically has two main purposes: SSL/TLS historically has two main purposes:
- Protecting traffic using encryption. Both its confidentiality as its integrity. - Protecting traffic using encryption. Both its confidentiality as its integrity.
- Identifying the other side. This was what the lock in the browser URL bar used to be for, until it didn't make sense anymore. - Identifying the other side. This was what the lock in the browser URL bar used to be for, until it didn't make sense anymore.
]
???
Now, on a network you know and control completely there is no need for something like SSL/TLS. TCP can detect broken packets perfectly fine, so integrity is taken care of. There is no one snooping, because you are in control of the network. No one else has access, and you already know what systems you are talking to: your own. Now, on a network you know and control completely there is no need for something like SSL/TLS. TCP can detect broken packets perfectly fine, so integrity is taken care of. There is no one snooping, because you are in control of the network. No one else has access, and you already know what systems you are talking to: your own.
Such a network does not exist. Such a network does not exist.
- Snooping can easily be done by any network operator using listener ports on network equipment. - Snooping can easily be done by any network operator using listener ports on network equipment.
- Traffic can be changed or diverted using a so called Man in the Middle attack - Traffic can be changed or diverted using a so called Man in the Middle attack
]
--- ---
template: inverse template: inverse
# Man in the Middle (MitM) # Man in the Middle (MitM)
@ -254,9 +255,10 @@ show certificate
] ]
.right-column[ .right-column[
So, how does a certificate get signed? So, how does a certificate get signed?
]
<img src="document-signing-process.png" width="100%" /> <img src="document-signing-process.png" width="100%" />
]
??? ???
<!-- XXX picture --> <!-- XXX picture -->
Or how does this signing work: Or how does this signing work:
@ -270,9 +272,9 @@ Or how does this signing work:
] ]
.right-column[ .right-column[
Now anyone can verify the signature: Now anyone can verify the signature:
]
<img src="document-verify-signature.png" width="100%" /> <img src="document-verify-signature.png" width="100%" />
]
??? ???
<!-- XXX picture --> <!-- XXX picture -->
Now anyone can verify the signature by: Now anyone can verify the signature by: