Published Sep 3, 2019

Episode 378: Joshua Davies on Attacking and Securing PKI

Dive deep into the world of web security with Joshua Davies as he unravels the evolution from SSL to TLS 1.3, exposes vulnerabilities in Public Key Infrastructure (PKI), and underscores the critical role of encryption and certificate authorities in safeguarding digital communications.
Episode Highlights

  • SSL to TLS

    The transition from SSL to TLS marked a significant evolution in web security protocols. Davies explains that SSL, developed by Netscape in the mid-1990s, was designed to provide security in a hostile network environment. However, concerns about a private company managing such a critical protocol led to its handover to the Internet Engineering Task Force (IETF), which renamed it TLS. Despite the name change, the term SSL remains prevalent in the industry. He notes, "The most popular library for TLS is called OpenSSL, and I don't think the term SSL is ever going to go away, even though nobody uses SSL anymore."

       

  • TLS 1.3

    TLS 1.3 introduced key improvements, notably reducing the number of messages needed to establish a secure connection. Davies highlights that the handshake process was streamlined from seven messages to three, enhancing efficiency. This change allows the client to initiate the key exchange, assuming the server supports its preferred method, which is often the case. He explains, "They also introduced the concept of what they call zero RTT handshake, where the client can assume that the server can do a handshake." This advancement is particularly beneficial for large-scale web services, where reducing latency is crucial.
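
The speculative key exchange described above, as an added example (not from the episode or from any TLS library): a simplified Python model of TLS 1.3 key-share selection following RFC 8446. It goes beyond the summary by also showing the HelloRetryRequest fallback when the client's guess is wrong; `negotiate`, `Result`, the server selection policy and the sample group lists are illustrative assumptions.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class Result:
    group: Optional[str]   # negotiated key-exchange group, None on failure
    round_trips: int       # round trips before the client may send data
    flights: List[str]     # message flights, in order

def negotiate(client_groups, client_key_shares, server_groups):
    """Model of TLS 1.3 key-share selection (RFC 8446, section 4.2.8).

    client_groups:     client's supported_groups, in preference order
    client_key_shares: groups for which ClientHello already carries a key
    server_groups:     groups the server accepts, in its preference order
    """
    # RFC 8446: a key share for a group the client did not advertise is invalid.
    if not set(client_key_shares) <= set(client_groups):
        raise ValueError("key_share group missing from supported_groups")
    flights = ["ClientHello(key_share=%s)" % ",".join(client_key_shares)]
    common = [g for g in server_groups if g in client_groups]
    if not common:
        # No mutually supported group: the server aborts the handshake.
        flights.append("Alert(handshake_failure)")
        return Result(None, 0, flights)
    # Assumed server policy: prefer a group the client already sent a share
    # for, so the handshake completes without an extra round trip.
    ready = [g for g in common if g in client_key_shares]
    if ready:
        chosen, rtts = ready[0], 1
    else:
        # Wrong guess: the server names a group and the client must retry.
        chosen, rtts = common[0], 2
        flights.append("HelloRetryRequest(selected_group=%s)" % chosen)
        flights.append("ClientHello(key_share=%s)" % chosen)
    flights.append("ServerHello(key_share=%s) .. Finished" % chosen)
    flights.append("Client Finished")
    return Result(chosen, rtts, flights)

if __name__ == "__main__":
    # Constructed sample inputs: a correct guess, then a wrong one.
    for server in (["x25519", "secp256r1"], ["secp384r1", "secp256r1"]):
        r = negotiate(["x25519", "secp256r1"], ["x25519"], server)
        print(r.group, r.round_trips, r.flights)
```
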
