Transport Layer Security (TLS) - Computerphile
It's absolutely everywhere, but what is TLS and where did it come from? Dr Mike Pound explains the background behind this ubiquitous Internet security protocol.
Heartbleed, Running the Code: • Heartbleed, Running th...
Secure Web Browsing: • Secure Web Browsing - ...
Network Stacks & The Internet: • Network Stacks and the...
/ computerphile
/ computer_phile
This video was filmed and edited by Sean Riley.
Computer Science at the University of Nottingham: bit.ly/nottscomputer
Computerphile is a sister project to Brady Haran's Numberphile. More at www.bradyharan.com
Пікірлер: 294
I’m a simple man... I see Dr. Mike Pound, I click
@allwhatyouwant
3 жыл бұрын
Try that in real life
@PeteMcDonald
3 жыл бұрын
@Peter Lustig We're not gonna feed you here, buddy.
looks like Alice and Bob are in quarantine like the rest of us :)
@eobardthawne6903
3 жыл бұрын
@@AWES0MEDEFENDER it was actually the first one that got so much hype lol
@realshaoran4514
3 жыл бұрын
Poor Alice and Bob, now they can't communicate with each other.
@nirui.o
3 жыл бұрын
@@realshaoran4514 Oh they still can, if they yell really really loud in their room just like my actual neighbors. The only problem is my neighbors knows nothing about TLS.
@ikeralfonso2047
2 жыл бұрын
i dont mean to be so offtopic but does anybody know a tool to log back into an Instagram account?? I stupidly forgot the login password. I would love any tips you can give me
@byronharlem7238
2 жыл бұрын
@Iker Alfonso instablaster :)
Mike is my favorite expert on Computerphile. The way he explains things about security is very clear, but also has some useful historical facts.
@views8962
Жыл бұрын
This is a very engaging way of teaching.
@alext9558
6 ай бұрын
that's the trait of the smartest and impassioned teachers. They're able to get your attention with the toughest topics.
Please do a video on Macromedia Flash - How it worked, how it affected Internet culture and why it's being deprecated.
@MrKarma4ya
3 жыл бұрын
Great Idea!
@miran248
3 жыл бұрын
It started as an alternative (replacement) to gif and as such it had actual frames (12 frames at 12fps would be 1s in length) which were loaded progressively. This means that once actionscript was introduced you could execute the code (show preloaders; play sounds, animations, ..) before the app was fully loaded(!) - that's one of the things i loved about flash and still miss in today's tech. Instead of hundreds of requests that we do today, there were only a few in flash - webassembly might change that.
@RichardBuckerCodes
3 жыл бұрын
I think Microsoft announced that they have permanently removed flash with the latest version of Win10/
@Acorn_Anomaly
3 жыл бұрын
@@RichardBuckerCodes Their built-in version, anyway, that I believe was used for Edge. You can still install it yourself, if you want to for some reason. Google will be removing Flash from Chrome in December.
@Divv
3 жыл бұрын
It was deprecated because browsers started to support video natively with HTML5. Steve Jobs answers this brilliantly on a All Things Digital interview done some years ago.
we are actually using TLS to learn TLS if you think about it
@signalworks
3 жыл бұрын
Same thing for tutorials about anything relating to technology though - JavaScript, html, databases, RF engineering, photolithography, power infrastructure, just to name a few
@h-0058
3 жыл бұрын
@@signalworks You could even say something similar when you learn anything. You are using something to learn how to use that thing For example, you use math to learn how math works
@signalworks
3 жыл бұрын
@@h-0058 I think there's a slight difference between the use of the word "use" - building on basics to learn deeper concepts is one thing, but having the knowledge delivered to you by application of the knowledge itself is another.
5:47 If you think about it, the OSI seven-layer model included a “presentation” layer, between “transport” and “application”, that nobody could fit into the reality of TCP/IP very well. But SSL/TLS fills that layer very nicely.
Dr Mike Pound is my favorite scientist on Computerphile. Also IMHO the best teacher in this domain on KZread.
Ah, yes... the 90s. Great computer times. We had hubs instead of routers. Blasting all the data to all the port, hoping that only the intended recipient would actually grab it. Or token-ring networks, even worse. With the right tools, you could just grab all the data that was intended for other users in the network, like chats, visited websites, video stream. Fun times...
@kaisergurdeep
3 жыл бұрын
🤣 LOL ah fun times
@GamingBlake2002
3 жыл бұрын
Wireless networks work the same way though
@churchers
3 жыл бұрын
The modern replacement for a hub would be a switch really, we still had routers back then and they serve a different purpose to a hub/switch.
@vinny142
3 жыл бұрын
@@GamingBlake2002 Yes but the data is all encrypted so "the right tools" includes getting the encryption key.
@GamingBlake2002
3 жыл бұрын
@@vinny142 But the application data may not necessarily be encrypted, and the encryption done by the router can be reversed, since you're also connected to the network and therefore have the key.
Having been one of the original designers of the ISO 7 layer model - I find this fascinating (way back before it was known as the 7 layered model {middle/late 1970's}) . My - how far we've progressed! We had no idea that internet/ATM/streaming TV etc would eventually manifest from our ideas.
@RARPoodlefaker
3 жыл бұрын
@@havetacitblue Hi, yep - it's just amazing how things have progressed. I still love IT and all it's weirdness. GEEKY BOYS RULE!
@havetacitblue
3 жыл бұрын
@@RARPoodlefaker I’ve been burned out multiple times since 1980. TLS and security in general have given me a new lease on life...Buggy though it all may be.
@genehenson8851
2 ай бұрын
So you’re to blame!
The "history lesson" in the first half was extremely helpful. I find it much easier to understand concepts and that they are much stickier in the memory with the story. thanks
Seeing the Netscape browser makes me so nostalgic! My first time using the internet at age 20 :)
Thank you for this video. Im a networking student and theres all sorts of little tidbits that professors miss (they only have so many hours for lectures). I'm truely grateful for this channel as a whole.
Mike is always my favourite guest
can't stress enough how mike's history lessons are the reason why we understand so much from him :-)
The world needs the part 2 of this video! Nicely done guys!
Another entertaining and educational Computerphile. Each academic has an interesting style and presentation, if Mike Pound is not just research-based but takes the odd class, It would be interesting to watch a vox pop from a cohort of his students to see if they enjoy his classes as much as I enjoy his presentation style. There could well be a whole documentary lurking in the background based on following the presenters over a semester. Their challenges of funding, hierarchy, student and staff interaction, the production of Computerphile, resources, and more. 👀
Great intro! Would love to see DTLS & TLS 1.3 covered in the future!
@autohmae
3 жыл бұрын
I suspect 2 or more videos after this, one or 2 going deeper into basically everything up to TLS1.2 and then a third which talks about all the new TLS1.3 stuff.
@Valery0p5
3 жыл бұрын
Bumping this comment because if I remember correctly the older versions of TLS have been deprecated nowadays
@havetacitblue
3 жыл бұрын
Only 1.3 should be used at this point,,,
Roll on the next video! What would I do without DR. Pound's knowledge and Sean's great questions - thanks guys :)
Mike: very, very clever. Sean: Does it ever go wrong? Mike: yes! All the time 14:12
Technically TCP layer packages its data in segments and the IP layer uses datagrams. Sometimes people get confused when the term packet gets used to represent things at the different layers.
Keep getting back here for this, just gets better every iteration...
Anyone ever notice he uses the word "alright" as punctuation?
@christopherlawley1842
3 жыл бұрын
It's a teacher thing
@htcmlcrip
3 жыл бұрын
Ilp start adding alright instead of punctuation in my text
@havetacitblue
3 жыл бұрын
It’s a Limey thing...or sniffing a la Billy Idol.
Loved the history lesson too! Thank you for bringing on the nostalgia. The Netscape N with a starry night was brilliant. I was waiting for a shooting star
I love the blue IE progress bar with the IP shown below.. bring back memories!!!
I'm gonna need that handshake video. These vids are great, and i give them to fledgling infosec people.
Mike Pound is always a pleasure.
Takes me back to around 1984 when I developed, from scratch, a secure IT communication system for the London Metropolitan Police using the Open Systems Interconnection (OSI) 7 layer model, based on the "Blue Book" standard.
It was Dr.Taher Elgamal the security researcher who lead the team for the development of SSL at Netscape. He is known as the “Father of SSL”.
Looking forward to part 2. Side-note, the amount of times the OSI model is referenced but i dont think i ever saw a vid on it. I'd love an in-depth one on that.
@playmaker4053
3 жыл бұрын
honnest, hold a entire OSI model on a 20minutes format video isnt reallistic, 4-5videos maybe
@marklonergan3898
3 жыл бұрын
@@playmaker4053 only talking about doing an overview. Wasn't suggesting going into detail about each protocol or anything. Anyone that knows the model well could easily talk about it for hours, but that doesn't mean you can't give a 20-minute overview to anyone that doesn't know it. For each layer, here's the name, its overall purpose is this, here is a list of a few of the protocols at this layer. Even this approach might be helpful to newcomers and would only take a few minutes to list, leaving plenty of room to go into more detail where they want and leave room for padding with banter. 🤣
Love videos from Dr Mike!
This video is awesome. I've dealt with both SSL and TLS, even had to cherry pick ciphers for a reliable (safe) SSL, I figured there was some history behind this mess but didn't expect it to be so interesting :-) admittedly Mike makes everything interesting hahaha!
Well explained the history, I would love to watch him talking about POODLE, BEAST, BREACH, CRIME attacks on different versions of TLS/SSL.
Honestly, don’t apologise for the history lesson! I love them. From you Mike, from Prof Brailsford, it’s all great. The how-to can always come in a later vid (-:
Dr Mike is awesome! Great explanation!
Great video, I love Dr Mike Pound!
Great video and very useful with the history being explained first
I absolutely love Dr.Mike, have been codin' for more than 10 hours today and the sort of satisfaction I get from him explaining is unbelievable. Wish he had a KZread channel
I see Mike, everything else stops.
@shaun_rambaran
3 жыл бұрын
No pen spins today, but I just noticed his very strange common P.
@klyanadkmorr
3 жыл бұрын
Da POUND, POUNDin it
whoa, wait up. The video ended??!?!?!?! I was learning so much!!! Also, keep bringing the history lessons. Very helpful!!!
Great educational video as usual 👍
I really enjoyed those 9.5 minutes of history lesson!
I vote for another video talking about the handshakes.
Excellent video. NN and IE history was really interesting. Next video... Public Key Authentication process?
Rooooters? Lol this guy is my hero. I love the off the cuff history lesson and technical info simultaneously.
So well explained! Thanks!
Love it. Keep up with the good work! thanks!
You guys are awesome to say the least!
Very nice .. next video can you explain the low level details.. exchanges between client server and CAs public side ?
I am watching my previous teacher’s KZread video to prepare for my current job interview 😂
I wanna hear Mike say "My name is Pound, Mike Pound"
Please I can't wait for next video!!!!!!!
MS are still but wholes albeit in more subtle ways now. Thanks for reminding and/or educating on that topic 😉
Love these videos, they're really informative and break things down nicely to be understandable. Please keep making them. However, why is the host Sean Riley dressed up as the Ready-Brek man!? 😁👍
The history lesson was quite important, in my opinion. So thanks for that.
Thank you as always for wonderful content. I really wish I lived closer to your University so I could take classes in person (when the human malware is over). It's also nice to see another lefty. 👍😂
I love how the brown paper got upgraded
Could you do a video on STARTTLS/STLS and how it differs from normal TLS?
Excellent explanation
Great to see what carries you away :D
Am I more drunk than expected, or is the background shifting colors, especially towards the end of the video?
@Computerphile
3 жыл бұрын
Yes Mike's camera is on auto white balance and the sun kept coming out changing the brightness & colour temperature - hth -Sean
This channel is super cool!
Wow this awesome man!
Well done. 👍 Simple enough for beginners. Just right.
A video about the weak implementation of the DeFi protocol in Harvest exploit would be interesting. The attacker used a padding oracle attack as I understood.
Loved the history lesson in the beginning
Better than a 2h lecture i had today.
Does anybody know what program Dr Pound is using to draw on his surface tablet?
Great content. May I recommend a lav lapel mic for Dr. Mike Pound? The room reverb was a tiny bit distracting
Great video.
I do have question on how our udp works with tsl. Suppose we are having a video call on zoom, we are using udp for video and voice right? how are those communications secured?
Excellent professor
Can you comment on services that are using wildcard certs for encrypting, especially CDNs where this could create major inter-tenant security issues...
A video on TLS handshaking would be interesting.
Dr. Pound was touched by the Hand of Midas for this one
This was timely - I'm using IISCrypto to harden some web servers all week. Thank you.
Can I request a topic? I'd love to see some videos about HTTP/3 and QUIC
This guy is the best !!
This is an abstract view of TLS. Waiting for the Next One
@rasathuraisivaram8301
3 жыл бұрын
@Stay EZ My Friends Thanks Buddy
I thought he was Jared from Silicon valley. 🤣
@jamcuber8519
3 жыл бұрын
LOL, actually true
It's an interesting coincidence that hash symbol (#) is also called a 'pound' and Dr. Pound is talking about cryptography :-)
MIke Pound : The Richard Feynman of computer science
This guy is awesome!
9:33 THAT'S A DISCORD NOTIFICATION BEEP ! So you're using Zoom, Teams, and Discord ? Interesting
Yes please make another video showing the handshakes etc :D
how can hearthbleed extract ram of other programs? are they locked in virtual memory space?
Does tls prevent eavesdropping when using proxies or vpns?
Could someone please tell me what tablet is that and which software if you know about it?
the history is certainly useful for understanding why the technology is as it is today.it's not just a nostalgia trip
What odd timing. Just last week I was having a problem where everything that used TLS, notably KZread, was extremely slow while anything that didn't, notably games, worked perfectly fine. After much work, I was able to narrow the problem down to TLS but nothing I did fixed it. And yes, I tried everything that should've fixed it. In the end, it seems to have fixed itself and I suspect it was an ISP problem... Oh, well, I learned quite a bit about how networking works and changed to a better browser...
I know it's not used in web browsers, so much, but what about SSH for transport security. Very common in data transfer scenarios.
4:37 SSL: Secure Socket Slayer
What is the relationship between TLS and certificates? Do you ~need~ certificates to make use of TLS or certificates are just a nice way to pass public keys around?
@superjugy
3 жыл бұрын
I'm pretty sure you need them. otherwise Man in the middle attacks are possible.
@666Tomato666
3 жыл бұрын
you don't need certificates, you can use pre-shared symmetric keys, then you use PSK key exchange or you can use raw keys, then you need to have some other way to know if you're getting the right key from the server or not
@EngineeringVignettes
3 жыл бұрын
Certificates are a container for keys that are authenticated through a process called signing. They can be self-signed (usable but considered very dodgy) or they can be held by a certificates server (certificate authority, or CA) which is guaranteed to be an "Honest Ed" source, aka a _Root of Trust_ . Your browser holds a list of CA's to authenticate that the peer (eg. web server) is who it says it is. This is my brief explanation of *a* certificate, it's a bit more complicated then that. also I am not guaranteeing that it's all in-line with actual TLS operations; I am basing the explanation on a similar system, CurveCP using the Curve25519 elliptical encryption. I believe it's close. Cheers,
@iabervon
3 жыл бұрын
I believe that TLS requires a certificate as a single thing to transfer that includes both a key and proof that this is the right key. It doesn't require the standard PKI with the CAs like LetsEncrypt abd Verisign, though; the server can present any certificate that chains back to a certificate that the client trusts, and the client could have gotten that certificate in a variety of ways. For example, a chat client can contain the certificate that's expected to have signed the server certificate for the server the client will connect to.
@boring7823
3 жыл бұрын
Different configurations both require and don't require certificates. Older algorithms use public/private keypair to encrypt the transfer of the symmetrical keys that encrypt the data and so require one. Modern algorithms use Diffie-Hellman (and ECDHE) to agree a shared key without reference to the public key and so only use the certificate for authentication. Older protocol versions allowed a pre-shared key variants of the algorithms; these are not available in modern versions. Bottom line; yes certificates are now required, however, they only have to be publicly notarised if you want the public to connect to your server.
I like the history lessons. No need to apologise for the history lessons!
Realy like when he talk about the history.
Who is this teacher? Does he do any online training or something ? Would love to be a student of his. His explanations are by far most constructive and most ear pleasing to hear.
Hey, I liked the history lesson!
6:52 you don't need to patent something to stop others from doing so. You just release it into the public domain, automatically preventing any future patents.
So hypothetically, this concept can also be applied in other communication protocols like I2C, SPI or USB? For example, a company can provide authenticated USB flash drives with laptops to make sure only those can be used and other random drives won't be able to connect to the machines? 🤔
@mayur7262
3 жыл бұрын
@Stay EZ My Friends thanks! didn't know about that. Something new! 😃👍
@Jackk4456
3 жыл бұрын
If you create or use a protocol that does what the layers under TLS do (TCP, IP, ETH) then yes, it'll work as a layer above that protocol. You can probably even reuse existing TLS implementations.
@superjugy
3 жыл бұрын
TLS is built on top of TCP/IP so it is probably not interchangeable to other protocols as is. the other protocols would require to be similar to TCP to work. But the biggest question is why would you want TLS in other protocols. specially USBs. USBs require a physical connection, so, you should know what you are connecting. Also, TLS relies on certificates, which would make it hard for low level devices to carry around it's private certificate around
@superjugy
3 жыл бұрын
@Stay EZ My Friends Which part exactly?
@mayur7262
3 жыл бұрын
@@superjugy yeah I didn't mean actual TLS as-is into the other ones. The reason someone would want authentication even for short physical connections remains the same. If I am replacing a battery pack in my car or color cartridge in my printer, I would be curious to know if those add-ons are authentic or not. Just an example.
I wish this guy's my mentor.
13:29 Good question!