URL to HTML

What happens in between the time you type a URL in your browser and the time you see the fully rendered page.

Francois Marier

April 22, 2015

Transcript

  1. URL to HTML
    a minute in the life of a webpage
    François Marier @fmarier
    mozilla

  2. mozilla newmarket

  3. 8 engineers

  4. 8 engineers
    1 designer

  5. 8 engineers
    1 designer
    1 manager

  6. video & media
    marketplace
    cloud services
    crash investigation

  7. video & media
    firefox ux
    cloud services
    crash investigation

  8. video & media
    firefox ux
    security & privacy
    crash investigation

  9. video & media
    firefox ux
    security & privacy
    layout

  10. > 1,000 employees world-wide

  11. >

  13. 1. Learn HTML
    2. ?
    3. Profit !

  16. abstractions

  17. abstraction
    construct used to understand a
    complicated topic at a high level

  18. abstraction
    extra layer added to avoid writing
    the same code over and over

  19. drawSquare()

  20. drawLine()

  21. drawLine()

  22. drawLine()

  23. drawLine()

  25. drawSquare()

  27. if you don't understand the
    layers below, you won't know what
    to do when the abstraction breaks

  28. mastery
    requires a high-level understanding
    of the rest of the stack

  29. web performance

  30. web performance
    how bytes make it to the user

  31. web performance
    how bytes make it to the user
    how the browser renders the page

  32. URL
    DNS
    IP
    TCP
    HTTP / TLS
    HTML

  34. URL
    uniform resource locator

  35. http://www.example.com

  37. http://www.example.com
    /articles/

  38. http://www.example.com
    /articles/tutorial.cgi

  39. http://www.example.com
    /articles/tutorial.cgi
    ?showsolutions=0&topic=web

  40. http://www.example.com
    /articles/tutorial.cgi
    ?showsolutions=0&topic=web
    #part5

  41. http://www.example.com:80
    /articles/tutorial.cgi
    ?showsolutions=0&topic=web
    #part5

  42. http://username:password@
    www.example.com:80
    /articles/tutorial.cgi
    ?showsolutions=0&topic=web
    #part5

  43. DNS
    domain name system

  44. $ cat /etc/resolv.conf
    nameserver 208.67.222.222
    nameserver 208.67.220.220

  46. www.cs.auckland.ac.nz

  47. www.cs.auckland.ac.nz
    130.216.158.22

  49. $ dig nz NS @199.7.83.42

  50. $ dig nz NS @199.7.83.42
    ; <<>> DiG 9.8.1-P1 <<>> nz NS @199.7.83.42
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 7, ADD
    ;; WARNING: recursion requested but not available
    ;; QUESTION SECTION:
    ;nz. IN NS
    ;; AUTHORITY SECTION:
    nz. 172800 IN NS ns1.dns.net.nz.
    nz. 172800 IN NS ns2.dns.net.nz.
    nz. 172800 IN NS ns3.dns.net.nz.
    nz. 172800 IN NS ns4.dns.net.nz.
    nz. 172800 IN NS ns5.dns.net.nz.
    nz. 172800 IN NS ns6.dns.net.nz.
    nz. 172800 IN NS ns7.dns.net.nz.

  51. $ dig ac.nz NS @ns1.dns.net.nz

  52. $ dig ac.nz NS @ns1.dns.net.nz
    ; <<>> DiG 9.8.1-P1 <<>> ac.nz NS @ns1.dns.net.nz
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<;; flags: qr aa rd; QUERY: 1, ANSWER: 7, AUTHORITY: 0,
    ;; WARNING: recursion requested but not available
    ;; QUESTION SECTION:
    ;ac.nz. IN NS
    ;; ANSWER SECTION:
    ac.nz. 86400 IN NS ns7.dns.net.nz.
    ac.nz. 86400 IN NS ns4.dns.net.nz.
    ac.nz. 86400 IN NS ns2.dns.net.nz.
    ac.nz. 86400 IN NS ns1.dns.net.nz.
    ac.nz. 86400 IN NS ns6.dns.net.nz.
    ac.nz. 86400 IN NS ns3.dns.net.nz.
    ac.nz. 86400 IN NS ns5.dns.net.nz.

  53. $ dig auckland.ac.nz NS @ns1.dns.net.nz

  54. $ dig auckland.ac.nz NS @ns1.dns.net.nz
    ; <<>> DiG 9.8.1-P1 <<>> auckland.ac.nz NS @ns1.dns.net
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADD
    ;; WARNING: recursion requested but not available
    ;; QUESTION SECTION:
    ;auckland.ac.nz. IN NS
    ;; AUTHORITY SECTION:
    auckland.ac.nz. 86400 IN NS pubsec.domainz.net.nz.
    auckland.ac.nz. 86400 IN NS dns1.auckland.ac.nz.
    auckland.ac.nz. 86400 IN NS dns2.auckland.ac.nz.
    ;; ADDITIONAL SECTION:
    dns1.auckland.ac.nz. 86400 IN A 130.216.1.2
    dns2.auckland.ac.nz. 86400 IN A 130.216.1.1

  55. $ dig cs.auckland.ac.nz NS @dns1.auckland.ac.nz

  56. $ dig cs.auckland.ac.nz NS @dns1.auckland.ac.nz
    ; <<>> DiG 9.8.1-P1 <<>> cs.auckland.ac.nz NS @dns1.auc
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<;; flags: qr aa rd; QUERY: 1, ANSWER: 4, AUTHORITY: 0,
    ;; WARNING: recursion requested but not available
    ;; QUESTION SECTION:
    ;cs.auckland.ac.nz. IN NS
    ;; ANSWER SECTION:
    cs.auckland.ac.nz. 10800 IN NS dns2.auckland.ac.nz.
    cs.auckland.ac.nz. 10800 IN NS kronos2.cs.auckland.ac.n
    cs.auckland.ac.nz. 10800 IN NS dns1.auckland.ac.nz.
    cs.auckland.ac.nz. 10800 IN NS kronos1.cs.auckland.ac.n
    ;; ADDITIONAL SECTION:
    dns1.auckland.ac.nz. 1800 IN A 130.216.1.2

  57. $ dig www.cs.auckland.ac.nz @kronos1.cs.auckland.ac.nz

  58. $ dig www.cs.auckland.ac.nz @kronos1.cs.auckland.ac.nz
    ; <<>> DiG 9.8.1-P1 <<>> www.cs.auckland.ac.nz A @krono
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 4,
    ;; WARNING: recursion requested but not available
    ;; QUESTION SECTION:
    ;www.cs.auckland.ac.nz. IN A
    ;; ANSWER SECTION:
    www.cs.auckland.ac.nz. 10800 IN A 130.216.158.22
    ;; AUTHORITY SECTION:
    cs.auckland.ac.nz. 10800 IN NS kronos2.cs.auckland.ac.nz
    cs.auckland.ac.nz. 10800 IN NS dns2.auckland.ac.nz.
    cs.auckland.ac.nz. 10800 IN NS dns1.auckland.ac.nz.
    cs.auckland.ac.nz. 10800 IN NS kronos1.cs.auckland.ac.nz

  59. l.root-servers.net
    ns1.dns.net.nz
    ns1.dns.net.nz
    dns1.auckland.ac.nz
    kronos1.cs.auckland.ac.nz

  64. IP
    internet protocol

  65. www.bbc.co.uk
    212.58.246.94

  67. $ mtr 212.58.246.94
    1. 192.168.1.1
    2. llu.bng1.tvc.orcon.net.nz
    3. xe-3-3-0.cre1.sky.orcon.net.nz
    4. 121.98.9.137
    5. ae1-0.cre2.nct.odyssey.net.nz
    6. ORCON-INTER.bar1.SanFrancisco1.Level3.net
    7. xe-5-0-0.bar1.SanFrancisco1.Level3.net
    8. ae-0-11.bar2.SanFrancisco1.Level3.net
    9. ae-6-6.ebr2.SanJose1.Level3.net
    10. ae-62-62.csw1.SanJose1.Level3.net
    11. ae-61-61.ebr1.SanJose1.Level3.net
    12. ae-2-2.ebr2.NewYork1.Level3.net
    13. ae-62-62.csw1.NewYork1.Level3.net
    14. ae-61-61.ebr1.NewYork1.Level3.net
    15. ae-43-43.ebr2.London1.Level3.net
    16. ae-57-222.csw2.London1.Level3.net
    17. ae-229-3605.edge4.London1.Level3.net
    18. BBC-TECHNOL.edge4.London1.Level3.net
    19. ???
    20. ???
    21. ae0.er01.cwwtf.bbc.co.uk
    22. 132.185.255.165
    23. bbc-vip015.cwwtf.bbc.co.uk

  74. 130.216.158.22
    212.58.246.94

  75. 130.216.158.22
    212.58.246.94
    router drops packets
    packets arrive in wrong order

  76. 130.216.158.22
    212.58.246.94
    router drops packets
    cable is cut
    packets arrive in wrong order

  78. ideal network actual network

  79. TCP
    transmission control protocol

  80. guarantees in-order
    delivery of packets

  81. abstraction of a reliable point-to-point
    connection with built-in re-try logic

  82. applications have a lot
    fewer errors to deal with

  83. UDP
    user datagram protocol

  85. TCP UDP

  86. reminder: abstractions are leaky

  87. 3-way handshake
    establishing a new connection

  88. client server

  89. client
    SYN
    x=42
    server

  90. client
    SYN
    x=42
    SYN+ACK
    y=10,x=43
    server

  91. client
    SYN
    x=42
    SYN+ACK
    y=10,x=43
    ACK
    y=11
    server

  92. HTTP
    hypertext transfer protocol

  93. http://www.example.com

  95. clear text protocol

  96. client
    request
    server

  97. client
    request
    response
    server

  98. Host: www.example.com
    User-Agent: Mozilla/5.0 (rv:29.0) Firefox/29.0
    DNT: 1

  100. Content-Type: text/html
    Date: Thu, 22 May 2014 05:34:47 GMT
    Last-Modified: Fri, 09 Aug 2013 23:54:35 GMT
    Content-Length: 1270



    Example Domain



    Example Domain
    This domain is established to be used for
    domain in examples without prior coordination



  101. 200 OK

  102. 404 Not Found

  104. $ curl http://www.example.com



    Example Domain



    Example Domain
    This domain is established to be used for
    domain in examples without prior coordinatio



  105. $ curl --head http://www.example.com
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Cache-Control: max-age=604800
    Content-Type: text/html
    Date: Thu, 22 May 2014 05:42:26 GMT
    Etag: "359670651"
    Expires: Thu, 29 May 2014 05:42:26 GMT
    Last-Modified: Fri, 09 Aug 2013 23:54:35 GMT
    Server: ECS (cpm/F858)
    X-Cache: HIT
    x-ec-custom-error: 1
    Content-Length: 1270

  106. verbs
    (fancy word for commands)

  107. GET

  108. POST

  109. GET /article/43228

  110. GET /article/43228
    GET /article/43228

  111. GET /article/43228
    POST /article/delete/last

  112. GET /article/43228
    POST /article/delete/last
    POST /article/delete/last

  113. GET /article/43228
    POST /item/20/buy
    POST /item/20/buy
    $$$
    $$$

  115. TLS
    transport layer security

  116. SSL
    secure sockets layer

  117. HTTPS
    hypertext transfer protocol secure

  118. secure
    (sometimes)

  119. client server
    (pk, sk)

  120. client
    hello!
    server
    (pk, sk)

  121. client
    hello!
    hello!
    pubkey
    server
    (pk, sk)

  122. client
    hello!
    hello!
    pubkey
    server
    (pk, sk)
    session key

  123. client
    hello!
    hello!
    pubkey
    i'm done!
    encrypt_pk(session key)
    server
    (pk, sk)
    session key

  124. client
    hello!
    hello!
    pubkey
    i'm done!
    encrypt_pk(session key)
    server
    (pk, sk)
    session key
    session key

  125. man-in-the-middle

  126. client server
    (pk, sk)

  127. client server
    (pk, sk)
    NSA
    (pk, sk)

  128. client
    hello!
    server
    (pk, sk)
    NSA
    (pk, sk)

  129. client
    hello!
    server
    (pk, sk)
    NSA
    (pk, sk)
    hello!

  130. client
    hello!
    hello!
    pubkey
    server
    (pk, sk)
    NSA
    (pk, sk)
    hello!

  131. client
    hello!
    hello!
    pubkey
    server
    (pk, sk)
    NSA
    (pk, sk)
    hello!
    hello!
    pubkey

  132. client
    hello!
    hello!
    pubkey
    server
    (pk, sk)
    key
    NSA
    (pk, sk)
    hello!
    hello!
    pubkey

  133. client
    hello!
    hello!
    pubkey
    i'm done!
    encrypt(key)
    server
    (pk, sk)
    key
    NSA
    (pk, sk)
    hello!
    hello!
    pubkey

  134. client
    hello!
    hello!
    pubkey
    i'm done!
    encrypt(key)
    server
    (pk, sk)
    key
    NSA
    (pk, sk)
    hello!
    hello!
    pubkey
    key

  135. client
    hello!
    hello!
    pubkey
    i'm done!
    encrypt(key)
    server
    (pk, sk)
    key
    NSA
    (pk, sk)
    hello!
    hello!
    pubkey
    i'm done!
    encrypt(key)
    key

  136. client
    hello!
    hello!
    pubkey
    i'm done!
    encrypt(key)
    server
    (pk, sk)
    key
    NSA
    (pk, sk)
    hello!
    hello!
    pubkey
    i'm done!
    encrypt(key)
    key
    key

  138. authentication
    (of the server)

  139. client
    hello!
    hello!
    pubkey
    server
    (pk, sk)
    session key

  140. client
    hello!
    hello!
    signed pubkey
    server
    (pk, sk)
    session key
    verify
    signature

  141. client
    hello!
    hello!
    signed pubkey
    server
    (pk, sk)
    session key
    verify
    signature
    i'm done!
    encrypt_pk(session key)
    session key

  142. client
    hello!
    hello!
    signed pubkey
    server
    (pk, sk)
    NSA
    (pk, sk)
    hello!
    hello!
    signed pubkey
    key

  143. client
    hello!
    hello!
    signed pubkey
    server
    (pk, sk)
    NSA
    (pk, sk)
    hello!
    hello!
    signed pubkey
    key
    abort!

  144. how can you tell you're
    talking to the right person?
    (and not to the NSA)

  145. trusted third-party
    certificate authority

  148. EFF has found
    more than
    650
    certificate
    authorities
    in the wild

  150. *.google.com

  153. *.google.com 7 different domains

  155. $100

  156. $1,000
    $100

  157. $1,000
    $1,000
    $100

  158. HTML
    hypertext markup language

  159. parsing

  160. .png
    .jpg .js .css

  163. resolve all hostnames
    establish TCP connections
    negotiate TLS session
    URL
    DNS
    IP
    TCP
    HTTP / TLS
    HTML

  164. @fmarier [email protected]
    questions?

  165. wanna know more?
    https://github.com/alex/what-happens-when/blob/master/README.rst
    USB protocol
    ARP resolution
    browser networking stack
    rendering engine
    HTML parsing
    CSS interpretation

  166. Copyright © 2015 Francois Marier
    This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
    image credits
    leaky pipe: https://www.flickr.com/photos/ifl/3920636654
    leaky pipe with elephant: https://www.flickr.com/photos/rcrhee/10785374875
    sky tower: https://www.flickr.com/photos/elisfanclub/6120863439
    golden gate: https://www.flickr.com/photos/jeffgunn/6663212147
    san jose: https://www.flickr.com/photos/the_tahoe_guy/3183673224
    statue of liberty: https://www.flickr.com/photos/suewaters/7574642942
    big ben: https://www.flickr.com/photos/timmorris/3103896345
    bbc house: https://www.flickr.com/photos/redvers/532073098
    fingers crossed: https://www.flickr.com/photos/bearpark/6861722073
    prince charles: http://en.wikipedia.org/wiki/File:Prince_Charles_2012.jpg
    southern cross cable: https://en.wikipedia.org/wiki/File:Southern_Cross_Cable_route.svg
