Tweet
Tweet

Slide 1

Slide 1 text

URL to HTML a minute in the life of a webpage François Marier @fmarier mozilla

Slide 2

Slide 2 text

mozilla newmarket

Slide 3

Slide 3 text

8 engineers

Slide 4

Slide 4 text

8 engineers 1 designer

Slide 5

Slide 5 text

8 engineers 1 designer 1 manager

Slide 6

Slide 6 text

video & media marketplace cloud services crash investigation

Slide 7

Slide 7 text

video & media marketplace cloud services crash investigation

Slide 8

Slide 8 text

video & media marketplace cloud services crash investigation

Slide 9

Slide 9 text

video & media marketplace cloud services crash investigation

Slide 10

Slide 10 text

> 1,000 employees world-wide

Slide 11

Slide 11 text

Slide 12

Slide 12 text

No content

Slide 13

Slide 13 text

1. Learn HTML 2. ? 3. Profit !

Slide 14

Slide 14 text

No content

Slide 15

Slide 15 text

No content

Slide 16

Slide 16 text

abstractions

Slide 17

Slide 17 text

asbtraction construct used to understand a complicated topic at a high level

Slide 18

Slide 18 text

asbtraction extra layer added to avoid writing the same code over and over

Slide 19

Slide 19 text

drawSquare()

Slide 20

Slide 20 text

drawLine()

Slide 21

Slide 21 text

drawLine()

Slide 22

Slide 22 text

drawLine()

Slide 23

Slide 23 text

drawLine()

Slide 24

Slide 24 text

No content

Slide 25

Slide 25 text

drawSquare()

Slide 26

Slide 26 text

No content

Slide 27

Slide 27 text

if you don't understand the layers below, you won't know what to do when the abstraction breaks

Slide 28

Slide 28 text

mastery requires a high-level understanding of the rest of the stack

Slide 29

Slide 29 text

web performance

Slide 30

Slide 30 text

web performance how bytes make it to the user

Slide 31

Slide 31 text

web performance how bytes make it to the user how the browser renders the page

Slide 32

Slide 32 text

URL DNS IP TCP HTTP / TLS HTML

Slide 33

Slide 33 text

URL DNS IP TCP HTTP / TLS HTML

Slide 34

Slide 34 text

URL uniform ressource locator

Slide 35

Slide 35 text

http://www.example.com

Slide 36

Slide 36 text

http://www.example.com

Slide 37

Slide 37 text

http://www.example.com /articles/

Slide 38

Slide 38 text

http://www.example.com /articles/tutorial.cgi

Slide 39

Slide 39 text

http://www.example.com /articles/tutorial.cgi ?showsolutions=0&topic=web

Slide 40

Slide 40 text

http://www.example.com /articles/tutorial.cgi ?showsolutions=0&topic=web #part5

Slide 41

Slide 41 text

http://www.example.com:80 /articles/tutorial.cgi ?showsolutions=0&topic=web #part5

Slide 42

Slide 42 text

http://username:password@ www.example.com:80 /articles/tutorial.cgi ?showsolutions=0&topic=web #part5

Slide 43

Slide 43 text

DNS domain name system

Slide 44

Slide 44 text

$ cat /etc/resolv.conf nameserver 208.67.222.222 nameserver 208.67.220.220

Slide 45

Slide 45 text

No content

Slide 46

Slide 46 text

www.cs.auckland.ac.nz

Slide 47

Slide 47 text

www.cs.auckland.ac.nz 130.216.158.22

Slide 48

Slide 48 text

No content

Slide 49

Slide 49 text

$ dig nz NS @199.7.83.42

Slide 50

Slide 50 text

$ dig nz NS @199.7.83.42 ; <<>> DiG 9.8.1-P1 <<>> nz NS @199.7.83.42 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 412 ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 7, ADD ;; WARNING: recursion requested but not available ;; QUESTION SECTION: ;nz. IN NS ;; AUTHORITY SECTION: nz. 172800 IN NS ns1.dns.net.nz. nz. 172800 IN NS ns2.dns.net.nz. nz. 172800 IN NS ns3.dns.net.nz. nz. 172800 IN NS ns4.dns.net.nz. nz. 172800 IN NS ns5.dns.net.nz. nz. 172800 IN NS ns6.dns.net.nz. nz. 172800 IN NS ns7.dns.net.nz.

Slide 51

Slide 51 text

$ dig ac.nz NS @ns1.dns.net.nz

Slide 52

Slide 52 text

$ dig ac.nz NS @ns1.dns.net.nz ; <<>> DiG 9.8.1-P1 <<>> ac.nz NS @ns1.dns.net.nz ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 391 ;; flags: qr aa rd; QUERY: 1, ANSWER: 7, AUTHORITY: 0, ;; WARNING: recursion requested but not available ;; QUESTION SECTION: ;ac.nz. IN NS ;; ANSWER SECTION: ac.nz. 86400IN NS ns7.dns.net.nz. ac.nz. 86400IN NS ns4.dns.net.nz. ac.nz. 86400IN NS ns2.dns.net.nz. ac.nz. 86400IN NS ns1.dns.net.nz. ac.nz. 86400IN NS ns6.dns.net.nz. ac.nz. 86400IN NS ns3.dns.net.nz. ac.nz. 86400IN NS ns5.dns.net.nz.

Slide 53

Slide 53 text

$ dig auckland.ac.nz NS @ns1.dns.net.nz

Slide 54

Slide 54 text

$ dig auckland.ac.nz NS @ns1.dns.net.nz ; <<>> DiG 9.8.1-P1 <<>> auckland.ac.nz NS @ns1.dns.net ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 598 ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADD ;; WARNING: recursion requested but not available ;; QUESTION SECTION: ;auckland.ac.nz. IN NS ;; AUTHORITY SECTION: auckland.ac.nz. 86400IN NS pubsec.domainz.net.nz. auckland.ac.nz. 86400IN NS dns1.auckland.ac.nz. auckland.ac.nz. 86400IN NS dns2.auckland.ac.nz. ;; ADDITIONAL SECTION: dns1.auckland.ac.nz.86400IN A 130.216.1.2 dns2.auckland.ac.nz.86400IN A 130.216.1.1

Slide 55

Slide 55 text

$ dig cs.auckland.ac.nz NS @dns1.auckland.ac.nz

Slide 56

Slide 56 text

$ dig cs.auckland.ac.nz NS @dns1.auckland.ac.nz ; <<>> DiG 9.8.1-P1 <<>> cs.auckland.ac.nz NS @dns1.auc ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 485 ;; flags: qr aa rd; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ;; WARNING: recursion requested but not available ;; QUESTION SECTION: ;cs.auckland.ac.nz. IN NS ;; ANSWER SECTION: cs.auckland.ac.nz. 10800 IN NS dns2.auckland.ac.nz. cs.auckland.ac.nz. 10800 IN NS kronos2.cs.auckland.ac.n cs.auckland.ac.nz. 10800 IN NS dns1.auckland.ac.nz. cs.auckland.ac.nz. 10800 IN NS kronos1.cs.auckland.ac.n ;; ADDITIONAL SECTION: dns1.auckland.ac.nz.1800 IN A 130.216.1.2

Slide 57

Slide 57 text

$ dig www.cs.auckland.ac.nz @kronos1.cs.auckland.ac.nz

Slide 58

Slide 58 text

$ dig www.cs.auckland.ac.nz @kronos1.cs.auckland.ac.nz ; <<>> DiG 9.8.1-P1 <<>> www.cs.auckland.ac.nz A @krono ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 175 ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ;; WARNING: recursion requested but not available ;; QUESTION SECTION: ;www.cs.auckland.ac.nz. IN A ;; ANSWER SECTION: www.cs.auckland.ac.nz. 10800 IN A 130.216.158.22 ;; AUTHORITY SECTION: cs.auckland.ac.nz. 10800IN NS kronos2.cs.auckland.ac.nz cs.auckland.ac.nz. 10800IN NS dns2.auckland.ac.nz. cs.auckland.ac.nz. 10800IN NS dns1.auckland.ac.nz. cs.auckland.ac.nz. 10800IN NS kronos1.cs.auckland.ac.nz

Slide 59

Slide 59 text

l.root-servers.net ns1.dns.net.nz ns1.dns.net.nz dns1.auckland.ac.nz kronos1.cs.auckland.ac.nz

Slide 60

Slide 60 text

l.root-servers.net ns1.dns.net.nz ns1.dns.net.nz dns1.auckland.ac.nz kronos1.cs.auckland.ac.nz

Slide 61

Slide 61 text

l.root-servers.net ns1.dns.net.nz ns1.dns.net.nz dns1.auckland.ac.nz kronos1.cs.auckland.ac.nz

Slide 62

Slide 62 text

l.root-servers.net ns1.dns.net.nz ns1.dns.net.nz dns1.auckland.ac.nz kronos1.cs.auckland.ac.nz

Slide 63

Slide 63 text

l.root-servers.net ns1.dns.net.nz ns1.dns.net.nz dns1.auckland.ac.nz kronos1.cs.auckland.ac.nz

Slide 64

Slide 64 text

IP internet protocol

Slide 65

Slide 65 text

www.bbc.co.uk 212.58.246.94

Slide 66

Slide 66 text

No content

Slide 67

Slide 67 text

$ mtr 212.58.246.94 1. 192.168.1.1 2. llu.bng1.tvc.orcon.net.nz 3. xe-3-3-0.cre1.sky.orcon.net.nz 4. 121.98.9.137 5. ae1-0.cre2.nct.odyssey.net.nz 6. ORCON-INTER.bar1.SanFrancisco1.Level3.net 7. xe-5-0-0.bar1.SanFrancisco1.Level3.net 8. ae-0-11.bar2.SanFrancisco1.Level3.net 9. ae-6-6.ebr2.SanJose1.Level3.net 10. ae-62-62.csw1.SanJose1.Level3.net 11. ae-61-61.ebr1.SanJose1.Level3.net 12. ae-2-2.ebr2.NewYork1.Level3.net 13. ae-62-62.csw1.NewYork1.Level3.net 14. ae-61-61.ebr1.NewYork1.Level3.net 15. ae-43-43.ebr2.London1.Level3.net 16. ae-57-222.csw2.London1.Level3.net 17. ae-229-3605.edge4.London1.Level3.net 18. BBC-TECHNOL.edge4.London1.Level3.net 19. ??? 20. ??? 21. ae0.er01.cwwtf.bbc.co.uk 22. 132.185.255.165 23. bbc-vip015.cwwtf.bbc.co.uk

Slide 68

Slide 68 text

$ mtr 212.58.246.94 1. 192.168.1.1 2. llu.bng1.tvc.orcon.net.nz 3. xe-3-3-0.cre1.sky.orcon.net.nz 4. 121.98.9.137 5. ae1-0.cre2.nct.odyssey.net.nz 6. ORCON-INTER.bar1.SanFrancisco1.Level3.net 7. xe-5-0-0.bar1.SanFrancisco1.Level3.net 8. ae-0-11.bar2.SanFrancisco1.Level3.net 9. ae-6-6.ebr2.SanJose1.Level3.net 10. ae-62-62.csw1.SanJose1.Level3.net 11. ae-61-61.ebr1.SanJose1.Level3.net 12. ae-2-2.ebr2.NewYork1.Level3.net 13. ae-62-62.csw1.NewYork1.Level3.net 14. ae-61-61.ebr1.NewYork1.Level3.net 15. ae-43-43.ebr2.London1.Level3.net 16. ae-57-222.csw2.London1.Level3.net 17. ae-229-3605.edge4.London1.Level3.net 18. BBC-TECHNOL.edge4.London1.Level3.net 19. ??? 20. ??? 21. ae0.er01.cwwtf.bbc.co.uk 22. 132.185.255.165 23. bbc-vip015.cwwtf.bbc.co.uk

Slide 69

Slide 69 text

$ mtr 212.58.246.94 1. 192.168.1.1 2. llu.bng1.tvc.orcon.net.nz 3. xe-3-3-0.cre1.sky.orcon.net.nz 4. 121.98.9.137 5. ae1-0.cre2.nct.odyssey.net.nz 6. ORCON-INTER.bar1.SanFrancisco1.Level3.net 7. xe-5-0-0.bar1.SanFrancisco1.Level3.net 8. ae-0-11.bar2.SanFrancisco1.Level3.net 9. ae-6-6.ebr2.SanJose1.Level3.net 10. ae-62-62.csw1.SanJose1.Level3.net 11. ae-61-61.ebr1.SanJose1.Level3.net 12. ae-2-2.ebr2.NewYork1.Level3.net 13. ae-62-62.csw1.NewYork1.Level3.net 14. ae-61-61.ebr1.NewYork1.Level3.net 15. ae-43-43.ebr2.London1.Level3.net 16. ae-57-222.csw2.London1.Level3.net 17. ae-229-3605.edge4.London1.Level3.net 18. BBC-TECHNOL.edge4.London1.Level3.net 19. ??? 20. ??? 21. ae0.er01.cwwtf.bbc.co.uk 22. 132.185.255.165 23. bbc-vip015.cwwtf.bbc.co.uk

Slide 70

Slide 70 text

$ mtr 212.58.246.94 1. 192.168.1.1 2. llu.bng1.tvc.orcon.net.nz 3. xe-3-3-0.cre1.sky.orcon.net.nz 4. 121.98.9.137 5. ae1-0.cre2.nct.odyssey.net.nz 6. ORCON-INTER.bar1.SanFrancisco1.Level3.net 7. xe-5-0-0.bar1.SanFrancisco1.Level3.net 8. ae-0-11.bar2.SanFrancisco1.Level3.net 9. ae-6-6.ebr2.SanJose1.Level3.net 10. ae-62-62.csw1.SanJose1.Level3.net 11. ae-61-61.ebr1.SanJose1.Level3.net 12. ae-2-2.ebr2.NewYork1.Level3.net 13. ae-62-62.csw1.NewYork1.Level3.net 14. ae-61-61.ebr1.NewYork1.Level3.net 15. ae-43-43.ebr2.London1.Level3.net 16. ae-57-222.csw2.London1.Level3.net 17. ae-229-3605.edge4.London1.Level3.net 18. BBC-TECHNOL.edge4.London1.Level3.net 19. ??? 20. ??? 21. ae0.er01.cwwtf.bbc.co.uk 22. 132.185.255.165 23. bbc-vip015.cwwtf.bbc.co.uk

Slide 71

Slide 71 text

$ mtr 212.58.246.94 1. 192.168.1.1 2. llu.bng1.tvc.orcon.net.nz 3. xe-3-3-0.cre1.sky.orcon.net.nz 4. 121.98.9.137 5. ae1-0.cre2.nct.odyssey.net.nz 6. ORCON-INTER.bar1.SanFrancisco1.Level3.net 7. xe-5-0-0.bar1.SanFrancisco1.Level3.net 8. ae-0-11.bar2.SanFrancisco1.Level3.net 9. ae-6-6.ebr2.SanJose1.Level3.net 10. ae-62-62.csw1.SanJose1.Level3.net 11. ae-61-61.ebr1.SanJose1.Level3.net 12. ae-2-2.ebr2.NewYork1.Level3.net 13. ae-62-62.csw1.NewYork1.Level3.net 14. ae-61-61.ebr1.NewYork1.Level3.net 15. ae-43-43.ebr2.London1.Level3.net 16. ae-57-222.csw2.London1.Level3.net 17. ae-229-3605.edge4.London1.Level3.net 18. BBC-TECHNOL.edge4.London1.Level3.net 19. ??? 20. ??? 21. ae0.er01.cwwtf.bbc.co.uk 22. 132.185.255.165 23. bbc-vip015.cwwtf.bbc.co.uk

Slide 72

Slide 72 text

$ mtr 212.58.246.94 1. 192.168.1.1 2. llu.bng1.tvc.orcon.net.nz 3. xe-3-3-0.cre1.sky.orcon.net.nz 4. 121.98.9.137 5. ae1-0.cre2.nct.odyssey.net.nz 6. ORCON-INTER.bar1.SanFrancisco1.Level3.net 7. xe-5-0-0.bar1.SanFrancisco1.Level3.net 8. ae-0-11.bar2.SanFrancisco1.Level3.net 9. ae-6-6.ebr2.SanJose1.Level3.net 10. ae-62-62.csw1.SanJose1.Level3.net 11. ae-61-61.ebr1.SanJose1.Level3.net 12. ae-2-2.ebr2.NewYork1.Level3.net 13. ae-62-62.csw1.NewYork1.Level3.net 14. ae-61-61.ebr1.NewYork1.Level3.net 15. ae-43-43.ebr2.London1.Level3.net 16. ae-57-222.csw2.London1.Level3.net 17. ae-229-3605.edge4.London1.Level3.net 18. BBC-TECHNOL.edge4.London1.Level3.net 19. ??? 20. ??? 21. ae0.er01.cwwtf.bbc.co.uk 22. 132.185.255.165 23. bbc-vip015.cwwtf.bbc.co.uk

Slide 73

Slide 73 text

$ mtr 212.58.246.94 1. 192.168.1.1 2. llu.bng1.tvc.orcon.net.nz 3. xe-3-3-0.cre1.sky.orcon.net.nz 4. 121.98.9.137 5. ae1-0.cre2.nct.odyssey.net.nz 6. ORCON-INTER.bar1.SanFrancisco1.Level3.net 7. xe-5-0-0.bar1.SanFrancisco1.Level3.net 8. ae-0-11.bar2.SanFrancisco1.Level3.net 9. ae-6-6.ebr2.SanJose1.Level3.net 10. ae-62-62.csw1.SanJose1.Level3.net 11. ae-61-61.ebr1.SanJose1.Level3.net 12. ae-2-2.ebr2.NewYork1.Level3.net 13. ae-62-62.csw1.NewYork1.Level3.net 14. ae-61-61.ebr1.NewYork1.Level3.net 15. ae-43-43.ebr2.London1.Level3.net 16. ae-57-222.csw2.London1.Level3.net 17. ae-229-3605.edge4.London1.Level3.net 18. BBC-TECHNOL.edge4.London1.Level3.net 19. ??? 20. ??? 21. ae0.er01.cwwtf.bbc.co.uk 22. 132.185.255.165 23. bbc-vip015.cwwtf.bbc.co.uk

Slide 74

Slide 74 text

130.216.158.22 212.58.246.94

Slide 75

Slide 75 text

130.216.158.22 212.58.246.94 router drops packets packets arrive in wrong order

Slide 76

Slide 76 text

130.216.158.22 212.58.246.94 router drops packets cable is cut packets arrive in wrong order

Slide 77

Slide 77 text

130.216.158.22 212.58.246.94 router drops packets cable is cut packets arrive in wrong order

Slide 78

Slide 78 text

ideal network actual network

Slide 79

Slide 79 text

TCP transmission control protocol

Slide 80

Slide 80 text

guarantees in-order delivery of packets

Slide 81

Slide 81 text

abstraction of a reliable point-to-point connection with built-in re-try logic

Slide 82

Slide 82 text

applications have a lot less errors to deal with

Slide 83

Slide 83 text

UDP user datagram protocol

Slide 84

Slide 84 text

No content

Slide 85

Slide 85 text

TCP UDP

Slide 86

Slide 86 text

reminder: abstractions are leaky

Slide 87

Slide 87 text

3-way handshake establishing a new connection

Slide 88

Slide 88 text

hi

Slide 89

Slide 89 text

how are you?

Slide 90

Slide 90 text

good, you?

Slide 91

Slide 91 text

client server

Slide 92

Slide 92 text

client SYN x=42 server

Slide 93

Slide 93 text

client SYN x=42 SYN+ACK y=10,x=43 server

Slide 94

Slide 94 text

client SYN x=42 SYN+ACK y=10,x=43 ACK y=11 server

Slide 95

Slide 95 text

HTTP hypertext transfer protocol

Slide 96

Slide 96 text

http://www.example.com

Slide 97

Slide 97 text

http://www.example.com

Slide 98

Slide 98 text

clear text protocol

Slide 99

Slide 99 text

client request server

Slide 100

Slide 100 text

client request response server

Slide 101

Slide 101 text

Host: www.example.com User-Agent: Mozilla/5.0 (rv:29.0) Firefox/29.0 DNT: 1

Slide 102

Slide 102 text

Host: www.example.com User-Agent: Mozilla/5.0 (rv:29.0) Firefox/29.0 DNT: 1

Slide 103

Slide 103 text

Content-Type: text/html Date: Thu, 22 May 2014 05:34:47 GMT Last-Modified: Fri, 09 Aug 2013 23:54:35 GMT Content-Length: 1270 Example Domain

Example Domain

This domain is established to be used for domain in examples without prior coordination

Slide 104

Slide 104 text

200 OK

Slide 105

Slide 105 text

404 Not Found

Slide 106

Slide 106 text

No content

Slide 107

Slide 107 text

$ curl http://www.example.com Example Domain

Example Domain

This domain is established to be used for domain in examples without prior coordinatio

Slide 108

Slide 108 text

$ curl --head http://www.example.com HTTP/1.1 200 OK Accept-Ranges: bytes Cache-Control: max-age=604800 Content-Type: text/html Date: Thu, 22 May 2014 05:42:26 GMT Etag: "359670651" Expires: Thu, 29 May 2014 05:42:26 GMT Last-Modified: Fri, 09 Aug 2013 23:54:35 GMT Server: ECS (cpm/F858) X-Cache: HIT x-ec-custom-error: 1 Content-Length: 1270

Slide 109

Slide 109 text

verbs (fancy word for commands)

Slide 110

Slide 110 text

GET

Slide 111

Slide 111 text

POST

Slide 112

Slide 112 text

GET /article/43228

Slide 113

Slide 113 text

GET /article/43228 GET /article/43228

Slide 114

Slide 114 text

GET /article/43228 POST /article/delete/last

Slide 115

Slide 115 text

GET /article/43228 POST /article/delete/last POST /article/delete/last

Slide 116

Slide 116 text

GET /article/43228 POST /item/20/buy POST /item/20/buy $$$ $$$

Slide 117

Slide 117 text

No content

Slide 118

Slide 118 text

TLS transport layer security

Slide 119

Slide 119 text

SSL secure sockets layer

Slide 120

Slide 120 text

HTTPS hypertext transfer protocol secure

Slide 121

Slide 121 text

secure (sometimes)

Slide 122

Slide 122 text

client server (pk, sk)

Slide 123

Slide 123 text

client hello! server (pk, sk)

Slide 124

Slide 124 text

client hello! hello! pubkey server (pk, sk)

Slide 125

Slide 125 text

client hello! hello! pubkey server (pk, sk) session key

Slide 126

Slide 126 text

client hello! hello! pubkey i'm done! encrypt pk (session key) server (pk, sk) session key

Slide 127

Slide 127 text

client hello! hello! pubkey i'm done! encrypt pk (session key) server (pk, sk) session key session key

Slide 128

Slide 128 text

man-in-the-middle

Slide 129

Slide 129 text

client server (pk, sk)

Slide 130

Slide 130 text

client server (pk, sk) NSA (pk, sk)

Slide 131

Slide 131 text

client hello! server (pk, sk) NSA (pk, sk)

Slide 132

Slide 132 text

client hello! server (pk, sk) NSA (pk, sk) hello!

Slide 133

Slide 133 text

client hello! hello! pubkey server (pk, sk) NSA (pk, sk) hello!

Slide 134

Slide 134 text

client hello! hello! pubkey server (pk, sk) NSA (pk, sk) hello! hello! pubkey

Slide 135

Slide 135 text

client hello! hello! pubkey server (pk, sk) key NSA (pk, sk) hello! hello! pubkey

Slide 136

Slide 136 text

client hello! hello! pubkey i'm done! encrypt(key) server (pk, sk) key NSA (pk, sk) hello! hello! pubkey

Slide 137

Slide 137 text

client hello! hello! pubkey i'm done! encrypt(key) server (pk, sk) key NSA (pk, sk) hello! hello! pubkey key

Slide 138

Slide 138 text

client hello! hello! pubkey i'm done! encrypt(key) server (pk, sk) key NSA (pk, sk) hello! hello! pubkey i'm done! encrypt(key) key

Slide 139

Slide 139 text

client hello! hello! pubkey i'm done! encrypt(key) server (pk, sk) key NSA (pk, sk) hello! hello! pubkey i'm done! encrypt(key) key key

Slide 140

Slide 140 text

client hello! hello! pubkey i'm done! encrypt(key) server (pk, sk) key NSA (pk, sk) hello! hello! pubkey i'm done! encrypt(key) key key

Slide 141

Slide 141 text

authentication (of the server)

Slide 142

Slide 142 text

client hello! hello! pubkey server (pk, sk) session key

Slide 143

Slide 143 text

client hello! hello! signed pubkey server (pk, sk) session key verify signature

Slide 144

Slide 144 text

client hello! hello! signed pubkey server (pk, sk) session key verify signature i'm done! encrypt pk (session key) session key

Slide 145

Slide 145 text

client hello! hello! signed pubkey server (pk, sk) NSA (pk, sk) hello! hello! signed pubkey key

Slide 146

Slide 146 text

client hello! hello! signed pubkey server (pk, sk) NSA (pk, sk) hello! hello! signed pubkey key abort!

Slide 147

Slide 147 text

how can you tell you're talking to the right person? (and not to the NSA)

Slide 148

Slide 148 text

trusted third-party certificate authority

Slide 149

Slide 149 text

trusted third-party certificate authority

Slide 150

Slide 150 text

No content

Slide 151

Slide 151 text

EFF has found more than 650 certificate authorities in the wild

Slide 152

Slide 152 text

No content

Slide 153

Slide 153 text

*.google.com

Slide 154

Slide 154 text

*.google.com

Slide 155

Slide 155 text

*.google.com

Slide 156

Slide 156 text

*.google.com 7 different domains

Slide 157

Slide 157 text

*.google.com 7 different domains

Slide 158

Slide 158 text

$100

Slide 159

Slide 159 text

$1,000 $100

Slide 160

Slide 160 text

$1,000 $1,000 $100

Slide 161

Slide 161 text

HTML hypertext markup language

Slide 162

Slide 162 text

parsing

Slide 163

Slide 163 text

.png .jpg .js .css

Slide 164

Slide 164 text

No content

Slide 165

Slide 165 text

No content

Slide 166

Slide 166 text

resolve all hostnames establish TCP connections negotiate TLS session URL DNS IP TCP HTTP / TLS HTML

Slide 167

Slide 167 text

@fmarier [email protected] questions?

Slide 168

Slide 168 text

Copyright © 2014 Francois Marier This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License. leaky pipe: https://www.flickr.com/photos/ifl/3920636654 leaky pipe with elephant: https://www.flickr.com/photos/rcrhee/10785374875 sky tower: https://www.flickr.com/photos/elisfanclub/6120863439 golden gate: https://www.flickr.com/photos/jeffgunn/6663212147 san jose: https://www.flickr.com/photos/the_tahoe_guy/3183673224 statue of liberty: https://www.flickr.com/photos/suewaters/7574642942 big ben: https://www.flickr.com/photos/timmorris/3103896345 bbc house: https://www.flickr.com/photos/redvers/532073098 fingers crossed: https://www.flickr.com/photos/bearpark/6861722073 prince charles : http://en.wikipedia.org/wiki/File:Prince_Charles_2012.jpg southern cross cable: https://en.wikipedia.org/wiki/File:Southern_Cross_Cable_route.svg image credits