New article! My second part on TLS.

2015-11-10 13:33:10 -05:00 · 2015-11-10 13:33:10 -05:00 · 0aa444459c
commit 0aa444459c
parent 6c8aed872c
2 changed files with 54 additions and 8 deletions
--- a/_posts/2015-01-01-Ireland-Log.html
+++ b/_posts/2015-01-01-Ireland-Log.html
--- a/_posts/2015-11-10-TLS-Part-2.html
+++ b/_posts/2015-11-10-TLS-Part-2.html
@ -15,16 +15,62 @@
     examination of certificates, cipher suites, and public-key
     authentication.</p>

-     <h2>Certificates</h2> 
-     <p>A certificate is a vessel for a server to provide authentication
-     information. </p>
+     <h2>Certificates</h2>
+     <p>A certificate is a vessel for a domain to provide authentication
+     information. More specifically, and perhaps most importantly, a certificate
+     is the package which transfers a key. TLS relies entirely upon Public-Key
+     Authentication to setup a secure connection. The challenge with Public-Key
+     Authentication is often sharing keys in a verifiable and secure manner.
+     This is to say that, despite public keys being public, you still need to
+     verify the owner of the key. This is where certificates, and Certificate
+     Authorities come in. Each certificate is tailored to a specific domain. It
+     includes not only the public key for a user to connect to the server with,
+     but also meta-data about the certificate: a UUID, and information about the
+     Certificate Authority; a signature authorizing the certificate, as well as
+     the encryption used for the signature; a thumbprint of the key, and details
+     of the algorithm used to hash the key; and a purpose for the certificate.
+     Certificates may contain additional details, but the aforementioned list is
+     required.</p>

-     <h2>Cipher Suites</h2> 
-     <p>A cipher is the algorithm used to encrypt the information
-     to be transmitted.</p>
+     <p>A Certificate Authority (CA) is a trusted third-party repository of
+     signed keys. The purpose of a CA is very specific: verification. A CA will
+     generate and issue a key-pair to a domain. The domain can then share the
+     public key using a certificate. How specifically a CA verifies the domains
+     and keys is out of scope of this discussion, but Wikipedia provides many
+     details on the techniques used.</p>
+
+     <h2>Cipher Suites</h2>
+     <p>A cipher is the algorithm used to encrypt information. Ciphers are
+     incredibly complex mathematical formulae, and are well beyond my
+     understanding. However, it is important to note that the strength of a key
+     is only as strong as the cipher suite used to generate it. Likewise, the
+     strength of a certificate is only as strong as the cipher used to sign
+     it. Keep this in mind when you generate and work with keys.</p>

     <h2>Public-Key Authentication</h2>
-     <p>Big topic, very important!</p>
+     <p>The most important part of TLS is public-key authentication. I would
+     argue that public-key authentication is one of the most important facets of
+     the technical world. Because of this, I want to recap in more general terms
+     how public-key authentication works:</p>
+
+     <ol>
+          <li>Two parties want to establish a secure connection.</li>
+          <li>Each party generates two keys: one to share publicly, one to keep
+          secret.</li>
+          <li>Each party then shares their public keys.</li>
+     </ol>
+
+     <p>Now, whenever one of the two parties wants to securely communicate with
+     the other, they "sign" (encrypt) the communication with their private key.
+     The second party can then use the public key of the first party to verify
+     the identify of the sender, and decrypt the message.
+
+     <h2>Conclusion</h2>
+     <p>Security is a very deep and involved topic, but one I feel every
+     Sys-Admin should know a bit about. While these posts are only meant to serve
+     as a high-level overview of TLS, there are many more-detailed sources
+     available. I would suggest a visit to your local Wikipedia as a good first
+     step. Thanks for reading.</p>

     <h3>Sources</h3>
     <ol>
@ -49,7 +95,7 @@
 <!-- Notes (because why remove them?)
 Asymmetric Key Authentication:
     - Relies on two keys: Public key, Private key
-     - Both keys are related, but impossible (computationally infeasable) to
+     - Both keys are related, but impossible (computationally infeasible) to
       identify the private key based on the public key [1][2]
     - The public key can be distributed publicly
          - Used to encrypt message to the owner of the private paired key