Episode 378: Joshua Davies on Attacking and Securing PKI

Filed in Episodes by on August 28, 2019 1 Comment

Joshua Davies, author of Implementing SSL / TLS Using Cryptography and PKI discussed SSL/TLS, public-key infrastructure, certificate authorities, and vulnerabilities in the security infrastructure.  Robert Blumen spoke with Davies about the history of SSL/TLS; TLS 1.3; symmetric and asymmetric cryptography; the TLS handshake; the Diffie-Helman key exchange; the HTTPS protocol; verification of domain ownership; man-in-the-middle (MITM) attacks; the problem of infinite regress of trust; certificate authorities (CAs); corporate MITM boxes; CAs and the trust store; how does a CA become trusted; the large number of CAs in modern operating systems; trust and vulnerabilities at the CA level;  the problems created by the ability of any trusted CA to issue a certificate for any domain; how to obtain a certificate; domain validation; extended validation; attacks on the domain validation process (DNS spoofing, BGP hijacking) certificate revocation, CRLs, OCSP and OCSP stapling; certificate transparency (CT) and CT monitoring; HTTPS and browser behavior; mixed content warnings; HSTS (HTTP strict transport security); HTTPS and CDNs.

Related Links

SE Radio theme music: “Broken Reality” by Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 3.0

Facebooktwittergoogle_pluslinkedin

Tags: , , , ,