1
00:00:01,920 --> 00:00:08,070
HTTP is the application layer protocol of websites, as you probably know.
2
00:00:08,250 --> 00:00:17,770
So this is why you see HTTP slash slash. I'm going to www dot Google dot com and that will take
3
00:00:18,000 --> 00:00:22,130
the HTTP version of the website.
4
00:00:22,740 --> 00:00:29,970
Now if you look here it literally sends a text that looks like this to and from the servers.
5
00:00:30,180 --> 00:00:33,010
And this is the HTTP protocol here.
6
00:00:33,100 --> 00:00:39,600
It's saying that it's the HTTP protocol, it's talking about the servers, and then below it you have the
7
00:00:39,600 --> 00:00:48,080
HTML code, which is what you'll see if you look at the source code of the pages.
8
00:00:48,130 --> 00:00:54,640
It looks like this. So HTTP is in plain text.
9
00:00:54,720 --> 00:01:06,210
Now if I close this and actually go to Google and change it to HTTPS, I am now running HTTP
10
00:01:06,240 --> 00:01:16,590
over TLS or SSL. HTTPS provides the security services of TLS because it uses TLS, so data
11
00:01:16,620 --> 00:01:24,600
encryption, authentication usually at the server side, message integrity, and optional client or browser
12
00:01:24,600 --> 00:01:32,880
authentication. When you access a website with HTTPS, the web server will start the task to invoke SSL
13
00:01:33,090 --> 00:01:39,630
and protect the communication. The server sends a message back to the client indicating a secure session
14
00:01:39,900 --> 00:01:45,690
should be established, and the client in response sends its security parameters.
15
00:01:45,780 --> 00:01:52,260
So that means it will say: I'm prepared to use this digital signature, I'm prepared to use this key exchange
16
00:01:52,380 --> 00:01:53,310
algorithm.
17
00:01:53,310 --> 00:01:59,460
I'm prepared to use this symmetric key. And the server compares those security parameters to his own
18
00:01:59,760 --> 00:02:01,090
until it finds a match.
19
00:02:01,090 --> 00:02:08,190
And this is called the handshaking phase. The server authenticates the client by sending it a digital
20
00:02:08,190 --> 00:02:11,440
certificate which we will be covering next.
21
00:02:11,490 --> 00:02:18,030
And if the client decides to trust the server, the process continues. The server can require the client
22
00:02:18,030 --> 00:02:21,920
to send over a digital certificate too, for mutual authentication.
23
00:02:22,200 --> 00:02:23,670
But that doesn't often happen.
24
00:02:23,710 --> 00:02:31,890
But if you're looking for a full secure end to end session with authentication of yourself and the other
25
00:02:31,890 --> 00:02:39,660
side, you would use certificates either side with digital signatures, those digital certificates providing
26
00:02:39,810 --> 00:02:45,140
the authentication, and you'll understand that a little bit more when we go to digital certificates. The
27
00:02:45,170 --> 00:02:51,960
client generates a symmetric session key, like by using AES, and encrypts it with the server's public
28
00:02:51,960 --> 00:02:52,440
key.
29
00:02:52,440 --> 00:02:58,080
This encrypted key is sent to the web server and they both use the symmetric key to encrypt the data
30
00:02:58,080 --> 00:02:59,900
they send back and forth.
31
00:02:59,910 --> 00:03:06,560
This is how the secure channel is established. TLS requires a TLS-enabled server and browser, and
32
00:03:06,590 --> 00:03:09,180
all modern browsers support TLS.
33
00:03:09,330 --> 00:03:16,620
As we saw on the Wikipedia page, and in all of the browsers, you'll see HTTPS, which will indicate
34
00:03:16,620 --> 00:03:23,940
that TLS is being used, and you often see a padlock as well, and all the browsers have some sort of
35
00:03:23,940 --> 00:03:32,960
equivalent of this in order for you to know that HTTPS, or HTTP with TLS, is being used.
36
00:03:33,270 --> 00:03:39,920
If this is not shown then the connection is not encrypted or authenticated and it will be sent in plain
37
00:03:39,920 --> 00:03:41,030
text.
38
00:03:41,160 --> 00:03:50,220
So just as you see here, and all of the contents of the website, just as I can see them now, if HTTPS is
39
00:03:50,220 --> 00:03:52,780
not used. We look at a padlock here.
40
00:03:55,300 --> 00:04:02,020
We can see the technical details for what the encryption algorithms are.
41
00:04:02,080 --> 00:04:08,590
So in this case it's using TLS, using elliptical curve with Diffie-Hellman.
42
00:04:08,800 --> 00:04:19,120
The auction of RSA, the symmetric key is AES with 128 bits with a GCM mode of operation, and
43
00:04:19,120 --> 00:04:21,670
SHA-256 for data integrity.
44
00:04:21,670 --> 00:04:24,750
This had been negotiated between the client and the server.
45
00:04:24,790 --> 00:04:31,510
And if we look in Wireshark, Wireshark is a protocol analyzer so you can see the traffic as it goes
46
00:04:31,600 --> 00:04:32,780
in and out.
47
00:04:33,030 --> 00:04:40,950
I can see here the conversation that happened, where my client or my browser has said these are things
48
00:04:40,950 --> 00:04:45,520
that I support and the server has responded.
49
00:04:47,520 --> 00:04:51,080
And said, well, this is what I would actually like to use.
50
00:04:52,120 --> 00:04:58,140
And then they provided the certificate with the digital signature and the public key on it.
51
00:04:59,020 --> 00:05:07,780
And another website you can go to is SSL Labs, and if you enter in the website or URL of a site
52
00:05:07,780 --> 00:05:15,900
that is running HTTPS, you can see what encryption options are offered by that site.
53
00:05:15,960 --> 00:05:23,640
So here we can see that Bank of America's signature algorithm is SHA-256 with RSA for the digital
54
00:05:23,640 --> 00:05:24,520
signature.
55
00:05:24,570 --> 00:05:26,940
We can see the chain of trust here.
56
00:05:26,940 --> 00:05:33,540
Bank of America's certificate, a chain of trust comes down here, and then we have the root certificate
57
00:05:33,540 --> 00:05:34,170
here.
58
00:05:36,460 --> 00:05:37,940
And the protocols
59
00:05:37,960 --> 00:05:45,490
the server is prepared to use. Quite an interesting site, and it gives you a rating for how good it thinks
60
00:05:45,490 --> 00:05:46,480
the site is.
61
00:05:47,780 --> 00:05:51,600
A final point on HTTPS and a privacy problem.
62
00:05:51,600 --> 00:05:59,700
Something called Server Name Indication, SNI, is an extension to TLS by which a client
63
00:05:59,940 --> 00:06:06,450
indicates which hostname it is attempting to connect to at the start of the handshake process, and you can
64
00:06:06,450 --> 00:06:09,800
see that represented here within Wireshark.
65
00:06:09,810 --> 00:06:11,460
We can see the server name.
66
00:06:11,460 --> 00:06:14,130
www dot outlook dot com.
67
00:06:14,130 --> 00:06:21,930
This allows a server to present multiple certificates on the same IP address and TCP port number and
68
00:06:21,930 --> 00:06:29,760
hence allow multiple secure HTTPS websites, or any other service over TLS, to be secured by
69
00:06:29,760 --> 00:06:36,810
the same IP address without requiring all those sites to use the same certificate. The desired hostname,
70
00:06:36,930 --> 00:06:39,210
as you can see here, is not encrypted.
71
00:06:39,360 --> 00:06:46,410
So an eavesdropper can see which site is being requested. SNI is used to implement censorship and
72
00:06:46,410 --> 00:06:53,940
block sites. SNI means if you're using HTTPS, eavesdroppers can see what site you are going
73
00:06:53,940 --> 00:06:54,390
to.
74
00:06:54,570 --> 00:06:58,960
But then after that the communication is scrambled or encrypted.