URL to HTML

What happens in between the time you type a URL in your browser and the time you see the fully rendered page.

Published in: Internet, Technology

Transcript

  • 1. URL to HTML a minute in the life of a webpage François Marier @fmarier mozilla
  • 2. mozilla newmarket
  • 3. 8 engineers
  • 4. 8 engineers 1 designer
  • 5. 8 engineers 1 designer 1 manager
  • 6. video & media marketplace cloud services crash investigation
  • 10. > 1,000 employees world-wide
  • 11. </ >
  • 12. 1. Learn HTML 2. ? 3. Profit !
  • 13. abstractions
  • 14. abstraction construct used to understand a complicated topic at a high level
  • 15. abstraction extra layer added to avoid writing the same code over and over
  • 16. drawSquare()
  • 17. drawLine()
  • 18. drawLine()
  • 19. drawLine()
  • 20. drawLine()
  • 21. drawSquare()
  • 22. if you don't understand the layers below, you won't know what to do when the abstraction breaks
  • 23. mastery requires a high-level understanding of the rest of the stack
  • 24. web performance
  • 25. web performance how bytes make it to the user
  • 26. web performance how bytes make it to the user how the browser renders the page
  • 27. URL DNS IP TCP HTTP / TLS HTML
  • 29. URL uniform resource locator
  • 30. http://www.example.com
  • 32. http://www.example.com /articles/
  • 33. http://www.example.com /articles/tutorial.cgi
  • 34. http://www.example.com /articles/tutorial.cgi ?showsolutions=0&topic=web
  • 35. http://www.example.com /articles/tutorial.cgi ?showsolutions=0&topic=web #part5
  • 36. http://www.example.com:80 /articles/tutorial.cgi ?showsolutions=0&topic=web #part5
  • 37. http://username:password@ www.example.com:80 /articles/tutorial.cgi ?showsolutions=0&topic=web #part5
  • 38. DNS domain name system
  • 39. $ cat /etc/resolv.conf nameserver 208.67.222.222 nameserver 208.67.220.220
  • 40. www.cs.auckland.ac.nz
  • 41. www.cs.auckland.ac.nz 130.216.158.22
  • 42. $ dig nz NS @199.7.83.42
  • 43. $ dig nz NS @199.7.83.42
        ; <<>> DiG 9.8.1-P1 <<>> nz NS @199.7.83.42
        ;; global options: +cmd
        ;; Got answer:
        ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 412
        ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 7, ADD
        ;; WARNING: recursion requested but not available
        ;; QUESTION SECTION:
        ;nz. IN NS
        ;; AUTHORITY SECTION:
        nz. 172800 IN NS ns1.dns.net.nz.
        nz. 172800 IN NS ns2.dns.net.nz.
        nz. 172800 IN NS ns3.dns.net.nz.
        nz. 172800 IN NS ns4.dns.net.nz.
        nz. 172800 IN NS ns5.dns.net.nz.
        nz. 172800 IN NS ns6.dns.net.nz.
        nz. 172800 IN NS ns7.dns.net.nz.
  • 44. $ dig ac.nz NS @ns1.dns.net.nz
  • 45. $ dig ac.nz NS @ns1.dns.net.nz
        ; <<>> DiG 9.8.1-P1 <<>> ac.nz NS @ns1.dns.net.nz
        ;; global options: +cmd
        ;; Got answer:
        ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 391
        ;; flags: qr aa rd; QUERY: 1, ANSWER: 7, AUTHORITY: 0,
        ;; WARNING: recursion requested but not available
        ;; QUESTION SECTION:
        ;ac.nz. IN NS
        ;; ANSWER SECTION:
        ac.nz. 86400 IN NS ns7.dns.net.nz.
        ac.nz. 86400 IN NS ns4.dns.net.nz.
        ac.nz. 86400 IN NS ns2.dns.net.nz.
        ac.nz. 86400 IN NS ns1.dns.net.nz.
        ac.nz. 86400 IN NS ns6.dns.net.nz.
        ac.nz. 86400 IN NS ns3.dns.net.nz.
        ac.nz. 86400 IN NS ns5.dns.net.nz.
  • 46. $ dig auckland.ac.nz NS @ns1.dns.net.nz
  • 47. $ dig auckland.ac.nz NS @ns1.dns.net.nz
        ; <<>> DiG 9.8.1-P1 <<>> auckland.ac.nz NS @ns1.dns.net
        ;; global options: +cmd
        ;; Got answer:
        ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 598
        ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADD
        ;; WARNING: recursion requested but not available
        ;; QUESTION SECTION:
        ;auckland.ac.nz. IN NS
        ;; AUTHORITY SECTION:
        auckland.ac.nz. 86400 IN NS pubsec.domainz.net.nz.
        auckland.ac.nz. 86400 IN NS dns1.auckland.ac.nz.
        auckland.ac.nz. 86400 IN NS dns2.auckland.ac.nz.
        ;; ADDITIONAL SECTION:
        dns1.auckland.ac.nz. 86400 IN A 130.216.1.2
        dns2.auckland.ac.nz. 86400 IN A 130.216.1.1
  • 48. $ dig cs.auckland.ac.nz NS @dns1.auckland.ac.nz
  • 49. $ dig cs.auckland.ac.nz NS @dns1.auckland.ac.nz
        ; <<>> DiG 9.8.1-P1 <<>> cs.auckland.ac.nz NS @dns1.auc
        ;; global options: +cmd
        ;; Got answer:
        ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 485
        ;; flags: qr aa rd; QUERY: 1, ANSWER: 4, AUTHORITY: 0,
        ;; WARNING: recursion requested but not available
        ;; QUESTION SECTION:
        ;cs.auckland.ac.nz. IN NS
        ;; ANSWER SECTION:
        cs.auckland.ac.nz. 10800 IN NS dns2.auckland.ac.nz.
        cs.auckland.ac.nz. 10800 IN NS kronos2.cs.auckland.ac.n
        cs.auckland.ac.nz. 10800 IN NS dns1.auckland.ac.nz.
        cs.auckland.ac.nz. 10800 IN NS kronos1.cs.auckland.ac.n
        ;; ADDITIONAL SECTION:
        dns1.auckland.ac.nz. 1800 IN A 130.216.1.2
  • 50. $ dig www.cs.auckland.ac.nz @kronos1.cs.auckland.ac.nz
  • 51. $ dig www.cs.auckland.ac.nz @kronos1.cs.auckland.ac.nz
        ; <<>> DiG 9.8.1-P1 <<>> www.cs.auckland.ac.nz A @krono
        ;; global options: +cmd
        ;; Got answer:
        ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 175
        ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 4,
        ;; WARNING: recursion requested but not available
        ;; QUESTION SECTION:
        ;www.cs.auckland.ac.nz. IN A
        ;; ANSWER SECTION:
        www.cs.auckland.ac.nz. 10800 IN A 130.216.158.22
        ;; AUTHORITY SECTION:
        cs.auckland.ac.nz. 10800 IN NS kronos2.cs.auckland.ac.nz
        cs.auckland.ac.nz. 10800 IN NS dns2.auckland.ac.nz.
        cs.auckland.ac.nz. 10800 IN NS dns1.auckland.ac.nz.
        cs.auckland.ac.nz. 10800 IN NS kronos1.cs.auckland.ac.nz
  • 52. l.root-servers.net ns1.dns.net.nz ns1.dns.net.nz dns1.auckland.ac.nz kronos1.cs.auckland.ac.nz
  • 57. IP internet protocol
  • 58. www.bbc.co.uk 212.58.246.94
  • 59. $ mtr 212.58.246.94
         1. 192.168.1.1
         2. llu.bng1.tvc.orcon.net.nz
         3. xe-3-3-0.cre1.sky.orcon.net.nz
         4. 121.98.9.137
         5. ae1-0.cre2.nct.odyssey.net.nz
         6. ORCON-INTER.bar1.SanFrancisco1.Level3.net
         7. xe-5-0-0.bar1.SanFrancisco1.Level3.net
         8. ae-0-11.bar2.SanFrancisco1.Level3.net
         9. ae-6-6.ebr2.SanJose1.Level3.net
        10. ae-62-62.csw1.SanJose1.Level3.net
        11. ae-61-61.ebr1.SanJose1.Level3.net
        12. ae-2-2.ebr2.NewYork1.Level3.net
        13. ae-62-62.csw1.NewYork1.Level3.net
        14. ae-61-61.ebr1.NewYork1.Level3.net
        15. ae-43-43.ebr2.London1.Level3.net
        16. ae-57-222.csw2.London1.Level3.net
        17. ae-229-3605.edge4.London1.Level3.net
        18. BBC-TECHNOL.edge4.London1.Level3.net
        19. ???
        20. ???
        21. ae0.er01.cwwtf.bbc.co.uk
        22. 132.185.255.165
        23. bbc-vip015.cwwtf.bbc.co.uk
  • 66. 130.216.158.22 212.58.246.94
  • 67. 130.216.158.22 212.58.246.94 router drops packets packets arrive in wrong order
  • 68. 130.216.158.22 212.58.246.94 router drops packets cable is cut packets arrive in wrong order
  • 70. ideal network actual network
  • 71. TCP transmission control protocol
  • 72. guarantees in-order delivery of packets
  • 73. abstraction of a reliable point-to-point connection with built-in re-try logic
  • 74. applications have a lot fewer errors to deal with
  • 75. UDP user datagram protocol
  • 76. TCP UDP
  • 77. reminder: abstractions are leaky
  • 78. 3-way handshake establishing a new connection
  • 79. hi
  • 80. how are you?
  • 81. good, you?
  • 82. client server
  • 83. client SYN x=42 server
  • 84. client SYN x=42 SYN+ACK y=10,x=43 server
  • 85. client SYN x=42 SYN+ACK y=10,x=43 ACK y=11 server
  • 86. HTTP hypertext transfer protocol
  • 87. http://www.example.com
  • 89. clear text protocol
  • 90. client request server
  • 91. client request response server
  • 92. Host: www.example.com
        User-Agent: Mozilla/5.0 (rv:29.0) Firefox/29.0
        DNT: 1
  • 93. Host: www.example.com
        User-Agent: Mozilla/5.0 (rv:29.0) Firefox/29.0
        DNT: 1

        <request body goes in here>
  • 94. Content-Type: text/html
        Date: Thu, 22 May 2014 05:34:47 GMT
        Last-Modified: Fri, 09 Aug 2013 23:54:35 GMT
        Content-Length: 1270

        <!doctype html>
        <html>
        <head>
          <title>Example Domain</title>
        </head>
        <body>
        <div>
          <h1>Example Domain</h1>
          <p>This domain is established to be used for domain in examples without prior coordination
        </div>
        </body>
        </html>
  • 95. 200 OK
  • 96. 404 Not Found
  • 97. $ curl http://www.example.com
        <!doctype html>
        <html>
        <head>
          <title>Example Domain</title>
        </head>
        <body>
        <div>
          <h1>Example Domain</h1>
          <p>This domain is established to be used for domain in examples without prior coordinatio
        </div>
        </body>
        </html>
  • 98. $ curl --head http://www.example.com
        HTTP/1.1 200 OK
        Accept-Ranges: bytes
        Cache-Control: max-age=604800
        Content-Type: text/html
        Date: Thu, 22 May 2014 05:42:26 GMT
        Etag: "359670651"
        Expires: Thu, 29 May 2014 05:42:26 GMT
        Last-Modified: Fri, 09 Aug 2013 23:54:35 GMT
        Server: ECS (cpm/F858)
        X-Cache: HIT
        x-ec-custom-error: 1
        Content-Length: 1270
  • 99. verbs (fancy word for commands)
  • 100. GET
  • 101. POST
  • 102. GET /article/43228
  • 103. GET /article/43228 GET /article/43228
  • 104. GET /article/43228 POST /article/delete/last
  • 105. GET /article/43228 POST /article/delete/last POST /article/delete/last
  • 106. GET /article/43228 POST /item/20/buy POST /item/20/buy $$$ $$$
  • 107. TLS transport layer security
  • 108. SSL secure sockets layer
  • 109. HTTPS hypertext transfer protocol secure
  • 110. secure (sometimes)
  • 111. client server (pk, sk)
  • 112. client hello! server (pk, sk)
  • 113. client hello! hello! pubkey server (pk, sk)
  • 114. client hello! hello! pubkey server (pk, sk) session key
  • 115. client hello! hello! pubkey i'm done! encrypt_pk(session key) server (pk, sk) session key
  • 116. client hello! hello! pubkey i'm done! encrypt_pk(session key) server (pk, sk) session key session key
  • 117. man-in-the-middle
  • 118. client server (pk, sk)
  • 119. client server (pk, sk) NSA (pk, sk)
  • 120. client hello! server (pk, sk) NSA (pk, sk)
  • 121. client hello! server (pk, sk) NSA (pk, sk) hello!
  • 122. client hello! hello! pubkey server (pk, sk) NSA (pk, sk) hello!
  • 123. client hello! hello! pubkey server (pk, sk) NSA (pk, sk) hello! hello! pubkey
  • 124. client hello! hello! pubkey server (pk, sk) key NSA (pk, sk) hello! hello! pubkey
  • 125. client hello! hello! pubkey i'm done! encrypt(key) server (pk, sk) key NSA (pk, sk) hello! hello! pubkey
  • 126. client hello! hello! pubkey i'm done! encrypt(key) server (pk, sk) key NSA (pk, sk) hello! hello! pubkey key
  • 127. client hello! hello! pubkey i'm done! encrypt(key) server (pk, sk) key NSA (pk, sk) hello! hello! pubkey i'm done! encrypt(key) key
  • 128. client hello! hello! pubkey i'm done! encrypt(key) server (pk, sk) key NSA (pk, sk) hello! hello! pubkey i'm done! encrypt(key) key key
  • 130. authentication (of the server)
  • 131. client hello! hello! pubkey server (pk, sk) session key
  • 132. client hello! hello! signed pubkey server (pk, sk) session key verify signature
  • 133. client hello! hello! signed pubkey server (pk, sk) session key verify signature i'm done! encrypt_pk(session key) session key
  • 134. client hello! hello! signed pubkey server (pk, sk) NSA (pk, sk) hello! hello! signed pubkey key
  • 135. client hello! hello! signed pubkey server (pk, sk) NSA (pk, sk) hello! hello! signed pubkey key abort!
  • 136. how can you tell you're talking to the right person? (and not to the NSA)
  • 137. trusted third-party certificate authority
  • 139. EFF has found more than 650 certificate authorities in the wild
  • 140. *.google.com
  • 143. *.google.com 7 different domains
  • 145. $100
  • 146. $1,000 $100
  • 147. $1,000 $1,000 $100
  • 148. HTML hypertext markup language
  • 149. parsing
  • 150. .png .jpg .js .css
  • 151. resolve all hostnames establish TCP connections negotiate TLS session URL DNS IP TCP HTTP / TLS HTML
  • 152. @fmarier francois@mozilla.com questions?
  • 153. Copyright © 2014 Francois Marier <francois@mozilla.com>
        This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
        image credits:
        leaky pipe: https://www.flickr.com/photos/ifl/3920636654
        leaky pipe with elephant: https://www.flickr.com/photos/rcrhee/10785374875
        sky tower: https://www.flickr.com/photos/elisfanclub/6120863439
        golden gate: https://www.flickr.com/photos/jeffgunn/6663212147
        san jose: https://www.flickr.com/photos/the_tahoe_guy/3183673224
        statue of liberty: https://www.flickr.com/photos/suewaters/7574642942
        big ben: https://www.flickr.com/photos/timmorris/3103896345
        bbc house: https://www.flickr.com/photos/redvers/532073098
        fingers crossed: https://www.flickr.com/photos/bearpark/6861722073
        prince charles: http://en.wikipedia.org/wiki/File:Prince_Charles_2012.jpg
        southern cross cable: https://en.wikipedia.org/wiki/File:Southern_Cross_Cable_route.svg
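
The key exchange on slides 111 to 135, as an added example that is not part of the original slides: a toy simulation of why an unsigned public key lets an interceptor learn the session key, and why a CA signature over the server's key makes the client abort. It uses textbook RSA over tiny constructed primes; the function names, key values and single-CA trust model are assumptions, and none of it is usable cryptography.

```python
import hashlib

# Textbook RSA over tiny constructed primes: readable, not secure.
def make_keypair(p, q, e=17):
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))        # (pk, sk)

def rsa(key, m):
    n, exp = key
    return pow(m, exp, n)

def digest(pk, modulus):
    """Hash of a public key, reduced to fit under the CA modulus."""
    h = hashlib.sha256(repr(pk).encode()).digest()
    return int.from_bytes(h, "big") % modulus

def ca_sign(ca_sk, pk):
    return rsa(ca_sk, digest(pk, ca_sk[0]))

def ca_verify(ca_pk, pk, sig):
    return rsa(ca_pk, sig) == digest(pk, ca_pk[0])

# Constructed sample keys (assumptions for this example).
SERVER_PK, SERVER_SK = make_keypair(1009, 1013)
MITM_PK, MITM_SK = make_keypair(1031, 1033)
CA_PK, CA_SK = make_keypair(10007, 10009)
SERVER_SIG = ca_sign(CA_SK, SERVER_PK)         # the "signed pubkey"

def handshake(session_key, intercepted, verify):
    """Return (status, key the server ends up with, key the interceptor learns)."""
    # Server hello: pubkey plus the CA signature over it.
    offered_pk, offered_sig = SERVER_PK, SERVER_SIG
    if intercepted:
        # The interceptor substitutes its own key. It cannot produce a CA
        # signature for that key, so the best it can do is replay the real one.
        offered_pk = MITM_PK
    if verify and not ca_verify(CA_PK, offered_pk, offered_sig):
        return ("abort", None, None)           # slide 135: abort!
    blob = rsa(offered_pk, session_key)        # encrypt_pk(session key)
    learned = None
    if intercepted:
        learned = rsa(MITM_SK, blob)           # interceptor decrypts...
        blob = rsa(SERVER_PK, learned)         # ...and re-encrypts for the server
    return ("ok", rsa(SERVER_SK, blob), learned)

if __name__ == "__main__":
    key = 424242                               # constructed session key
    print("no interceptor, no check:", handshake(key, False, False))
    print("interceptor, no check   :", handshake(key, True, False))
    print("interceptor, signed key :", handshake(key, True, True))
    print("no interceptor, signed  :", handshake(key, False, True))
```

Without verification both endpoints complete the handshake and nothing looks wrong, which is why the signature check has to happen before the client sends anything encrypted.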
