URL to HTML

What happens in between the time you type a URL in your browser and the time you see the fully rendered page.

Francois Marier

April 22, 2015

Transcript

  1. URL to HTML
    a minute in the life of a webpage
    François Marier @fmarier
    mozilla

  2. mozilla newmarket

  3. 8 engineers
    1 designer

  4. 8 engineers
    1 designer
    1 manager

  5. video & media
    marketplace
    cloud services
    crash investigation

  6. video & media
    firefox ux
    cloud services
    crash investigation

  7. video & media
    firefox ux
    security & privacy
    crash investigation

  8. video & media
    firefox ux
    security & privacy
    layout

  9. > 1,000 employees world-wide

  10. 1. Learn HTML
    2. ?
    3. Profit !

  11. abstractions

  12. abstraction
    construct used to understand a
    complicated topic at a high level

  13. abstraction
    extra layer added to avoid writing
    the same code over and over

  14. drawSquare()

  16. if you don't understand the
    layers below, you won't know what
    to do when the abstraction breaks

  17. mastery
    requires a high-level understanding
    of the rest of the stack

  18. web performance

  19. web performance
    how bytes make it to the user

  20. web performance
    how bytes make it to the user
    how the browser renders the page

  21. URL
    DNS
    IP
    TCP
    HTTP / TLS
    HTML

  23. URL
    uniform resource locator

  24. http://www.example.com

  26. http://www.example.com
    /articles/

  27. http://www.example.com
    /articles/tutorial.cgi

  28. http://www.example.com
    /articles/tutorial.cgi
    ?showsolutions=0&topic=web

  29. http://www.example.com
    /articles/tutorial.cgi
    ?showsolutions=0&topic=web
    #part5

  30. http://www.example.com:80
    /articles/tutorial.cgi
    ?showsolutions=0&topic=web
    #part5

  31. http://username:password@
    www.example.com:80
    /articles/tutorial.cgi
    ?showsolutions=0&topic=web
    #part5
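
How the parts of the URL built up on the slides above are split between the layers that follow, as an added example that is not part of the original deck. `plan_request` is a hypothetical helper, and turning the `username:password@` part into a Basic `Authorization` header is an assumption about the client (curl behaves this way).

```python
import base64
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def plan_request(url):
    """Return what each layer of the stack receives from one URL."""
    parts = urlsplit(url)
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        raise ValueError(f"not an http(s) URL: {url!r}")
    port = parts.port or DEFAULT_PORTS[parts.scheme]

    # Path and query form the request target; an empty path becomes "/".
    target = parts.path or "/"
    if parts.query:
        target += "?" + parts.query

    # The Host header carries the port only when it is not the scheme default.
    host = parts.hostname
    if port != DEFAULT_PORTS[parts.scheme]:
        host += f":{port}"
    headers = [("Host", host)]

    # Userinfo is sent as HTTP Basic credentials: base64 is encoding, not encryption.
    if parts.username is not None:
        creds = f"{parts.username}:{parts.password or ''}".encode()
        headers.append(("Authorization", "Basic " + base64.b64encode(creds).decode()))

    request = f"GET {target} HTTP/1.1\r\n"
    request += "".join(f"{name}: {value}\r\n" for name, value in headers) + "\r\n"
    return {
        "dns_lookup": parts.hostname,        # resolved to an IP address
        "tcp_port": port,                    # where the TCP connection goes
        "tls": parts.scheme == "https",      # whether the request is wrapped in TLS
        "http_request": request,             # bytes written to the connection
        "kept_by_client": parts.fragment,    # the fragment is never transmitted
    }


if __name__ == "__main__":
    # The full URL from the slide above.
    plan = plan_request("http://username:password@www.example.com:80"
                        "/articles/tutorial.cgi?showsolutions=0&topic=web#part5")
    for layer, value in plan.items():
        print(f"{layer}: {value!r}")
```

Over plain `http://` the Basic header crosses every hop on the path readable, so credentials embedded in a URL are only as private as the transport underneath them.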

  32. DNS
    domain name system

  33. $ cat /etc/resolv.conf
    nameserver 208.67.222.222
    nameserver 208.67.220.220

  34. www.cs.auckland.ac.nz

  35. www.cs.auckland.ac.nz
    130.216.158.22

  36. $ dig nz NS @199.7.83.42

  37. $ dig nz NS @199.7.83.42
    ; <<>> DiG 9.8.1-P1 <<>> nz NS @199.7.83.42
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 412
    ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 7, ADD
    ;; WARNING: recursion requested but not available
    ;; QUESTION SECTION:
    ;nz. IN NS
    ;; AUTHORITY SECTION:
    nz. 172800 IN NS ns1.dns.net.nz.
    nz. 172800 IN NS ns2.dns.net.nz.
    nz. 172800 IN NS ns3.dns.net.nz.
    nz. 172800 IN NS ns4.dns.net.nz.
    nz. 172800 IN NS ns5.dns.net.nz.
    nz. 172800 IN NS ns6.dns.net.nz.
    nz. 172800 IN NS ns7.dns.net.nz.

  38. $ dig ac.nz NS @ns1.dns.net.nz

  39. $ dig ac.nz NS @ns1.dns.net.nz
    ; <<>> DiG 9.8.1-P1 <<>> ac.nz NS @ns1.dns.net.nz
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 391
    ;; flags: qr aa rd; QUERY: 1, ANSWER: 7, AUTHORITY: 0,
    ;; WARNING: recursion requested but not available
    ;; QUESTION SECTION:
    ;ac.nz. IN NS
    ;; ANSWER SECTION:
    ac.nz. 86400 IN NS ns7.dns.net.nz.
    ac.nz. 86400 IN NS ns4.dns.net.nz.
    ac.nz. 86400 IN NS ns2.dns.net.nz.
    ac.nz. 86400 IN NS ns1.dns.net.nz.
    ac.nz. 86400 IN NS ns6.dns.net.nz.
    ac.nz. 86400 IN NS ns3.dns.net.nz.
    ac.nz. 86400 IN NS ns5.dns.net.nz.

  40. $ dig auckland.ac.nz NS @ns1.dns.net.nz

  41. $ dig auckland.ac.nz NS @ns1.dns.net.nz
    ; <<>> DiG 9.8.1-P1 <<>> auckland.ac.nz NS @ns1.dns.net
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 598
    ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADD
    ;; WARNING: recursion requested but not available
    ;; QUESTION SECTION:
    ;auckland.ac.nz. IN NS
    ;; AUTHORITY SECTION:
    auckland.ac.nz. 86400 IN NS pubsec.domainz.net.nz.
    auckland.ac.nz. 86400 IN NS dns1.auckland.ac.nz.
    auckland.ac.nz. 86400 IN NS dns2.auckland.ac.nz.
    ;; ADDITIONAL SECTION:
    dns1.auckland.ac.nz. 86400 IN A 130.216.1.2
    dns2.auckland.ac.nz. 86400 IN A 130.216.1.1

  42. $ dig cs.auckland.ac.nz NS @dns1.auckland.ac.nz

  43. $ dig cs.auckland.ac.nz NS @dns1.auckland.ac.nz
    ; <<>> DiG 9.8.1-P1 <<>> cs.auckland.ac.nz NS @dns1.auc
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 485
    ;; flags: qr aa rd; QUERY: 1, ANSWER: 4, AUTHORITY: 0,
    ;; WARNING: recursion requested but not available
    ;; QUESTION SECTION:
    ;cs.auckland.ac.nz. IN NS
    ;; ANSWER SECTION:
    cs.auckland.ac.nz. 10800 IN NS dns2.auckland.ac.nz.
    cs.auckland.ac.nz. 10800 IN NS kronos2.cs.auckland.ac.n
    cs.auckland.ac.nz. 10800 IN NS dns1.auckland.ac.nz.
    cs.auckland.ac.nz. 10800 IN NS kronos1.cs.auckland.ac.n
    ;; ADDITIONAL SECTION:
    dns1.auckland.ac.nz. 1800 IN A 130.216.1.2

  44. $ dig www.cs.auckland.ac.nz @kronos1.cs.auckland.ac.nz

  45. $ dig www.cs.auckland.ac.nz @kronos1.cs.auckland.ac.nz
    ; <<>> DiG 9.8.1-P1 <<>> www.cs.auckland.ac.nz A @krono
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 175
    ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 4,
    ;; WARNING: recursion requested but not available
    ;; QUESTION SECTION:
    ;www.cs.auckland.ac.nz. IN A
    ;; ANSWER SECTION:
    www.cs.auckland.ac.nz. 10800 IN A 130.216.158.22
    ;; AUTHORITY SECTION:
    cs.auckland.ac.nz. 10800 IN NS kronos2.cs.auckland.ac.nz
    cs.auckland.ac.nz. 10800 IN NS dns2.auckland.ac.nz.
    cs.auckland.ac.nz. 10800 IN NS dns1.auckland.ac.nz.
    cs.auckland.ac.nz. 10800 IN NS kronos1.cs.auckland.ac.nz

  46. l.root-servers.net
    ns1.dns.net.nz
    ns1.dns.net.nz
    dns1.auckland.ac.nz
    kronos1.cs.auckland.ac.nz

  51. IP
    internet protocol

  52. www.bbc.co.uk
    212.58.246.94

  53. $ mtr 212.58.246.94
    1. 192.168.1.1
    2. llu.bng1.tvc.orcon.net.nz
    3. xe-3-3-0.cre1.sky.orcon.net.nz
    4. 121.98.9.137
    5. ae1-0.cre2.nct.odyssey.net.nz
    6. ORCON-INTER.bar1.SanFrancisco1.Level3.net
    7. xe-5-0-0.bar1.SanFrancisco1.Level3.net
    8. ae-0-11.bar2.SanFrancisco1.Level3.net
    9. ae-6-6.ebr2.SanJose1.Level3.net
    10. ae-62-62.csw1.SanJose1.Level3.net
    11. ae-61-61.ebr1.SanJose1.Level3.net
    12. ae-2-2.ebr2.NewYork1.Level3.net
    13. ae-62-62.csw1.NewYork1.Level3.net
    14. ae-61-61.ebr1.NewYork1.Level3.net
    15. ae-43-43.ebr2.London1.Level3.net
    16. ae-57-222.csw2.London1.Level3.net
    17. ae-229-3605.edge4.London1.Level3.net
    18. BBC-TECHNOL.edge4.London1.Level3.net
    19. ???
    20. ???
    21. ae0.er01.cwwtf.bbc.co.uk
    22. 132.185.255.165
    23. bbc-vip015.cwwtf.bbc.co.uk

  60. 130.216.158.22
    212.58.246.94

  61. 130.216.158.22
    212.58.246.94
    router drops packets
    packets arrive in wrong order

  62. 130.216.158.22
    212.58.246.94
    router drops packets
    cable is cut
    packets arrive in wrong order

  64. ideal network actual network

  65. TCP
    transmission control protocol

  66. guarantees in-order
    delivery of packets

  67. abstraction of a reliable point-to-point
    connection with built-in re-try logic

  68. applications have a lot
    fewer errors to deal with

  69. UDP
    user datagram protocol

  70. reminder: abstractions are leaky

  71. 3-way handshake
    establishing a new connection

  72. client server

  73. client
    SYN
    x=42
    server

  74. client
    SYN
    x=42
    SYN+ACK
    y=10,x=43
    server

  75. client
    SYN
    x=42
    SYN+ACK
    y=10,x=43
    ACK
    y=11
    server

  76. HTTP
    hypertext transfer protocol

  77. http://www.example.com

  79. clear text protocol

  80. client
    request
    server

  81. client
    request
    response
    server

  82. Host: www.example.com
    User-Agent: Mozilla/5.0 (rv:29.0) Firefox/29.0
    DNT: 1

  84. Content-Type: text/html
    Date: Thu, 22 May 2014 05:34:47 GMT
    Last-Modified: Fri, 09 Aug 2013 23:54:35 GMT
    Content-Length: 1270



    Example Domain



    Example Domain
    This domain is established to be used for
    domain in examples without prior coordination



  85. 404 Not Found

  86. $ curl http://www.example.com



    Example Domain



    Example Domain
    This domain is established to be used for
    domain in examples without prior coordinatio



  87. $ curl --head http://www.example.com
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Cache-Control: max-age=604800
    Content-Type: text/html
    Date: Thu, 22 May 2014 05:42:26 GMT
    Etag: "359670651"
    Expires: Thu, 29 May 2014 05:42:26 GMT
    Last-Modified: Fri, 09 Aug 2013 23:54:35 GMT
    Server: ECS (cpm/F858)
    X-Cache: HIT
    x-ec-custom-error: 1
    Content-Length: 1270

  88. verbs
    (fancy word for commands)

  89. GET /article/43228

  90. GET /article/43228
    GET /article/43228

  91. GET /article/43228
    POST /article/delete/last

  92. GET /article/43228
    POST /article/delete/last
    POST /article/delete/last

  93. GET /article/43228
    POST /item/20/buy
    POST /item/20/buy
    $$$
    $$$

  94. TLS
    transport layer security

  95. SSL
    secure sockets layer

  96. HTTPS
    hypertext transfer protocol secure

  97. secure
    (sometimes)

  98. client server
    (pk, sk)

  99. client
    hello!
    server
    (pk, sk)

  100. client
    hello!
    hello!
    pubkey
    server
    (pk, sk)

  101. client
    hello!
    hello!
    pubkey
    server
    (pk, sk)
    session key

  102. client
    hello!
    hello!
    pubkey
    i'm done!
    encrypt
    pk
    (session key)
    server
    (pk, sk)
    session key

  103. client
    hello!
    hello!
    pubkey
    i'm done!
    encrypt
    pk
    (session key)
    server
    (pk, sk)
    session key
    session key

  104. man-in-the-middle

  105. client server
    (pk, sk)

  106. client server
    (pk, sk)
    NSA
    (pk, sk)

  107. client
    hello!
    server
    (pk, sk)
    NSA
    (pk, sk)

  108. client
    hello!
    server
    (pk, sk)
    NSA
    (pk, sk)
    hello!

  109. client
    hello!
    hello!
    pubkey
    server
    (pk, sk)
    NSA
    (pk, sk)
    hello!

  110. client
    hello!
    hello!
    pubkey
    server
    (pk, sk)
    NSA
    (pk, sk)
    hello!
    hello!
    pubkey

  111. client
    hello!
    hello!
    pubkey
    server
    (pk, sk)
    key
    NSA
    (pk, sk)
    hello!
    hello!
    pubkey

  112. client
    hello!
    hello!
    pubkey
    i'm done!
    encrypt(key)
    server
    (pk, sk)
    key
    NSA
    (pk, sk)
    hello!
    hello!
    pubkey

  113. client
    hello!
    hello!
    pubkey
    i'm done!
    encrypt(key)
    server
    (pk, sk)
    key
    NSA
    (pk, sk)
    hello!
    hello!
    pubkey
    key

  114. client
    hello!
    hello!
    pubkey
    i'm done!
    encrypt(key)
    server
    (pk, sk)
    key
    NSA
    (pk, sk)
    hello!
    hello!
    pubkey
    i'm done!
    encrypt(key)
    key

  115. client
    hello!
    hello!
    pubkey
    i'm done!
    encrypt(key)
    server
    (pk, sk)
    key
    NSA
    (pk, sk)
    hello!
    hello!
    pubkey
    i'm done!
    encrypt(key)
    key
    key

  117. authentication
    (of the server)

  118. client
    hello!
    hello!
    pubkey
    server
    (pk, sk)
    session key

  119. client
    hello!
    hello!
    signed pubkey
    server
    (pk, sk)
    session key
    verify
    signature

  120. client
    hello!
    hello!
    signed pubkey
    server
    (pk, sk)
    session key
    verify
    signature
    i'm done!
    encrypt
    pk
    (session key)
    session key

  121. client
    hello!
    hello!
    signed pubkey
    server
    (pk, sk)
    NSA
    (pk, sk)
    hello!
    hello!
    signed pubkey
    key

  122. client
    hello!
    hello!
    signed pubkey
    server
    (pk, sk)
    NSA
    (pk, sk)
    hello!
    hello!
    signed pubkey
    key
    abort!

  123. how can you tell you're
    talking to the right person?
    (and not to the NSA)

  124. trusted third-party
    certificate authority
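
The signed-pubkey exchange from the preceding slides, as an added example that is not part of the original deck: the client checks a certificate authority's signature over the (hostname, pubkey) pair before encrypting the session key to it. Textbook RSA over small constructed keys stands in for real certificates and TLS, and every name below is hypothetical.

```python
import hashlib

E = 65537  # public exponent used by every toy key


def keypair(p, q):
    """Textbook RSA key from two primes: returns (pk, sk) as on the slides."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))


def binding(name, pk, modulus):
    """Hash "this hostname owns this public key" to an integer below modulus."""
    data = f"{name}|{pk[0]}|{pk[1]}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % modulus


def ca_sign(ca_sk, name, pk):
    """The certificate authority signs the (hostname, pubkey) binding."""
    n, d = ca_sk
    return pow(binding(name, pk, n), d, n)


def client_send_key(ca_pk, name, offered_pk, signature, session_key):
    """Verify the signed pubkey, then encrypt the session key to it.
    Returns the ciphertext, or None when the client aborts."""
    n, e = ca_pk
    if pow(signature, e, n) != binding(name, offered_pk, n):
        return None  # signature does not cover this key and name: abort!
    return pow(session_key, offered_pk[1], offered_pk[0])


def decrypt(sk, ciphertext):
    n, d = sk
    return pow(ciphertext, d, n)


# Constructed keys: Mersenne primes keep the example short, far too weak for real use.
CA_PK, CA_SK = keypair(2**61 - 1, 2**89 - 1)
SERVER_PK, SERVER_SK = keypair(2**107 - 1, 2**127 - 1)
MITM_PK, MITM_SK = keypair(2**521 - 1, 2**607 - 1)
SERVER_SIG = ca_sign(CA_SK, "www.example.com", SERVER_PK)
SESSION_KEY = 0x5E5510  # constructed value


def unauthenticated_exchange():
    """Unsigned pubkey: the client encrypts to whichever key it was handed."""
    ciphertext = pow(SESSION_KEY, MITM_PK[1], MITM_PK[0])
    return decrypt(MITM_SK, ciphertext)  # the party in the middle learns the key


def authenticated_exchange():
    """Signed pubkey from the real server: verification passes."""
    ct = client_send_key(CA_PK, "www.example.com", SERVER_PK, SERVER_SIG, SESSION_KEY)
    return decrypt(SERVER_SK, ct)


def intercepted_exchange():
    """Substituted pubkey with the genuine signature replayed: the client aborts."""
    return client_send_key(CA_PK, "www.example.com", MITM_PK, SERVER_SIG, SESSION_KEY)


if __name__ == "__main__":
    print("unsigned, intercepted:", hex(unauthenticated_exchange()))
    print("signed, honest:", hex(authenticated_exchange()))
    print("signed, intercepted:", intercepted_exchange())
```

The check is only as strong as the client's trust in the signer: any authority the client accepts can produce a signature that passes `client_send_key` for any hostname.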

  126. EFF has found
    more than
    650
    certificate
    authorities
    in the wild

  127. *.google.com

  130. *.google.com 7 different domains

  132. $1,000
    $1,000
    $100

  133. HTML
    hypertext markup language

  134. .png
    .jpg .js .css

  135. resolve all hostnames
    establish TCP connections
    negotiate TLS session
    URL
    DNS
    IP
    TCP
    HTTP / TLS
    HTML

  136. wanna know more?
    https://github.com/alex/what-happens-when/blob/master/README.rst
    USB protocol
    ARP resolution
    browser networking stack
    rendering engine
    HTML parsing
    CSS interpretation

  137. Copyright © 2015 Francois Marier
    This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
    image credits
    leaky pipe: https://www.flickr.com/photos/ifl/3920636654
    leaky pipe with elephant: https://www.flickr.com/photos/rcrhee/10785374875
    sky tower: https://www.flickr.com/photos/elisfanclub/6120863439
    golden gate: https://www.flickr.com/photos/jeffgunn/6663212147
    san jose: https://www.flickr.com/photos/the_tahoe_guy/3183673224
    statue of liberty: https://www.flickr.com/photos/suewaters/7574642942
    big ben: https://www.flickr.com/photos/timmorris/3103896345
    bbc house: https://www.flickr.com/photos/redvers/532073098
    fingers crossed: https://www.flickr.com/photos/bearpark/6861722073
    prince charles: http://en.wikipedia.org/wiki/File:Prince_Charles_2012.jpg
    southern cross cable: https://en.wikipedia.org/wiki/File:Southern_Cross_Cable_route.svg
