the-internet-vagabond-dot-com/_drafts/TLS_Writeup2.txt

TLS: An examination into the Security of the Internet, Part 2

In Part 1, I went over how a connection is established with TLS. In this part, I
want to examine the more involved details of TLS itself. Namely, I want to
examine certificates, cipher suites, and public key authentication.

Certificates
A certificate is a vessel for a server to provide authentication informat

Cipher Suites
A cipher is the algorithm used to encrypt the information to be transmitted.

Public-Key Authentication
Big topic, very important


============================
Sources
     [1] https://en.wikipedia.org/wiki/Public-key_cryptography
     [2]
     https://security.stackexchange.com/questions/6290/how-is-it-possible-that-people-observing-an-https-connection-being-established-w
     [3]
     https://security.stackexchange.com/questions/20803/how-does-ssl-tls-work

============================
Notes
Asymmetric Key Authentication:
     - Relies on two keys: Public key, Private key
     - Both keys are related, but impossible (computationally infeasable) to
       identify the private key based on the public key [1][2]
     - The public key can be distributed publicly
          - Used to encrypt message to the owner of the private paired key
          - Used to verify signatures from the private key
     - The private key is kept secret
          - Used to decrypt message from the public paired key
          - Used to as a digital signature

Basics of an Asymmetric Key handshake:
     1. Client reaches out to server, requesting a secure connection
     2. Server acknowledges request, sends back it's public key
          - This is commonly known as a certificate. Often signed by a
            third-party to ensure it is what it's supposed to be.
     3. Client uses this public key to encrypt a secret, and sends the package
     back to the server.
     4. The server then uses it's private key to decrypt the public-key
     encrypted secret, and uses that secret hence forth to encrypt all traffic.
     5. A private connection is now established.

Basics of Certificates
     1. A certificate is a vessel for a server to provide authentication
     information.
     2. Typically a certificate will contain the following information:
          - A UUID of the certificate itself
          - The subject of the certificate
          - The signature, and signature algorithm used
          - The issuer of the certificate, as well as dates when it is valid
          - The purpose of the key
          - The thumbprint, and algorithm, used to hash the key
          - The public key itself
     3. Certificate Authorities act as a third part to verify the integrity of
     public keys.
Update CSS to switch H2 and H3. Add draft for TLS part 2 2015-05-21 19:12:39 +00:00			`TLS: An examination into the Security of the Internet, Part 2`

			`In Part 1, I went over how a connection is established with TLS. In this part, I`
			`want to examine the more involved details of TLS itself. Namely, I want to`
			`examine certificates, cipher suites, and public key authentication.`

			`Certificates`
			`A certificate is a vessel for a server to provide authentication informat`

			`Cipher Suites`
			`A cipher is the algorithm used to encrypt the information to be transmitted.`

			`Public-Key Authentication`
			`Big topic, very important`



			`============================`
			`Sources`
			`[1] https://en.wikipedia.org/wiki/Public-key_cryptography`
			`[2]`
			`https://security.stackexchange.com/questions/6290/how-is-it-possible-that-people-observing-an-https-connection-being-established-w`
			`[3]`
			`https://security.stackexchange.com/questions/20803/how-does-ssl-tls-work`

			`============================`
			`Notes`
			`Asymmetric Key Authentication:`
			`- Relies on two keys: Public key, Private key`
			`- Both keys are related, but impossible (computationally infeasable) to`
			`identify the private key based on the public key [1][2]`
			`- The public key can be distributed publicly`
			`- Used to encrypt message to the owner of the private paired key`
			`- Used to verify signatures from the private key`
			`- The private key is kept secret`
			`- Used to decrypt message from the public paired key`
			`- Used to as a digital signature`

			`Basics of an Asymmetric Key handshake:`
			`1. Client reaches out to server, requesting a secure connection`
			`2. Server acknowledges request, sends back it's public key`
			`- This is commonly known as a certificate. Often signed by a`
			`third-party to ensure it is what it's supposed to be.`
			`3. Client uses this public key to encrypt a secret, and sends the package`
			`back to the server.`
			`4. The server then uses it's private key to decrypt the public-key`
			`encrypted secret, and uses that secret hence forth to encrypt all traffic.`
			`5. A private connection is now established.`

			`Basics of Certificates`
			`1. A certificate is a vessel for a server to provide authentication`
			`information.`
			`2. Typically a certificate will contain the following information:`
			`- A UUID of the certificate itself`
			`- The subject of the certificate`
			`- The signature, and signature algorithm used`
			`- The issuer of the certificate, as well as dates when it is valid`
			`- The purpose of the key`
			`- The thumbprint, and algorithm, used to hash the key`
			`- The public key itself`
			`3. Certificate Authorities act as a third part to verify the integrity of`
			`public keys.`