In order to secure communications over Internet, the most widely adopted method is TLS: Transport Layer Security, formerly known as SSL. Let's discover how it works!
TLS, and its now-deprecated predecessor, Secure Sockets Layer (SSL), are cryptographic protocols designed to provide communications security over a computer network. For example, a cryptographic protocol encrypts the data that is exchanged between a web server and a user.
TLS provides 2 main features:
This technique relies on asymmetric cryptography. Each peer has a public and a private key. The public key allows for encryption only, the private key allows for decryption only.
Peers first exchange public keys. Then the sender encrypts data with the receiver's public key, and sends it over the network. The receiver uses his private key to decrypt the data. It's that simple!
You most probably have an ID card with your name on. You hand it to whoever needs to verify your identity. An ID card usually contains several mechanisms to verify it was issued by a specific and trusted state agency and that it contains the right information.
Using this example, what you do is delegate people authentication to a trusted third-party by the mean of ID cards.
TLS Authentication works the same way. The ID card is a file called certificate. The trusted third-party is a Certificate Authority. The authentication information written in the certificate is guaranteed by the signature of the Certificate Authority.
Certificate Authorities also are certificates pre-installed on your system. Certificates can sign other certificates using their associated private key. Signatures can be verified without the private keys, and the signed certificate is "sealed". If any information in the signed certificate changes, the signature is not valid anymore.
A common authentication information you can find in a certificate is a domain name. Let's say you navigate to www.scaleway.com, the server will send you a certificate saying it is the one responsible for www.scaleway.com and this certificate will be signed by a certificate authority your browser trusts. Your browser will verify the signature of the certificate and proceed to request the page, your browser knows it is on the genuine www.scaleway.com.
Now you know how a client authenticates a server using simple TLS Authentication, let's introduce the scenario where both peers authenticate themselves. They both send their certificate, both verify the received certificate with their known Certificate Authorities, and both proceed with exchanging data. Well, that is mTLS.
We hope you learned something new in this blog post! We have plenty more for you in our blog, through our documentation, or on our community Slack. See you soon!
Learn about bandwidth and packet drops and the impact on "the speed of the internet », the factors that contribute to latency including propagation, serialization, queuing, and switching delays.
PAM is a Linux component to authenticate users. You don't know how it works, but at the bottom of the todo list you made years ago, it says "understand how PAM works". So here you go!
Have you heard of IP addresses and IPv6? An Internet Protocol address (IP address) is a numerical label for identifying and locating networked devices.
