Josh Davies

SE Radio 378: Joshua Davies on Attacking and Securing PKI

Joshua Davies, author of Implementing SSL / TLS Using Cryptography and PKI discussed SSL/TLS, public-key infrastructure, certificate authorities, and vulnerabilities in the security infrastructure.  Robert Blumen spoke with Davies about the history of SSL/TLS; TLS 1.3; symmetric and asymmetric cryptography; the TLS handshake; the Diffie-Helman key exchange; the HTTPS protocol; verification of domain ownership; man-in-the-middle (MITM) attacks; the problem of infinite regress of trust; certificate authorities (CAs); corporate MITM boxes; CAs and the trust store; how does a CA become trusted; the large number of CAs in modern operating systems; trust and vulnerabilities at the CA level;  the problems created by the ability of any trusted CA to issue a certificate for any domain; how to obtain a certificate; domain validation; extended validation; attacks on the domain validation process (DNS spoofing, BGP hijacking) certificate revocation, CRLs, OCSP and OCSP stapling; certificate transparency (CT) and CT monitoring; HTTPS and browser behavior; mixed content warnings; HSTS (HTTP strict transport security); HTTPS and CDNs.

Show Notes

Related Links

SE Radio theme: “Broken Reality” by Kevin MacLeod ( — Licensed under Creative Commons: By Attribution 3.0)

Join the discussion
1 comment

More from this show