What is a certificate authority?

Captions
Certificate authorities are a critical part of the public key infrastructure that allows us to use websites safely. Certificate authorities exist to solve another problem in the communication channel between Alice and Bob.

So let's go back to our example where Alice wants to send Bob a private message, and maybe this is me wanting to establish a secure connection to a website that I'm visiting. Remember, the first thing Alice has to do is retrieve Bob's public key. So Alice has to ask Bob for his public key, and Bob has to transmit that public key back to Alice. The problem arises because the connection between Alice and Bob requires all of this untrusted Internet in between, and someone, let's call them Charles, might be in the middle of this connection. What Charles does is this: Charles sees Alice asking for Bob's public key, and instead of letting that request make its way all the way to Bob and be completed correctly, Charles returns his own version of Bob's public key.

This is something that's known as a man-in-the-middle attack. Charles is claiming to be Bob by exploiting the fact that he's on the network path between Alice and Bob. So when Alice asks for Bob's public key, Charles sends back his own public key, and then Alice will send an encrypted message thinking that only Bob can decrypt it with Bob's private key. But in reality Charles is going to grab that message as well and decrypt it himself, and he's going to intercept the communication between Alice and Bob.

Now, what makes this worse is that Charles can actually do the following: Charles can forward those messages on to Bob. So Charles can actually get Bob's public key, can take the message from Alice, decrypt it, store the contents (well, now I know what they were saying to each other, which is exactly what I didn't want to happen) and still forward the message on to Bob. And so Charles can sit here on the communication path between these two parties and intercept all of the traffic in the clear, which is exactly what we didn't want to happen.

So what do we need to solve this problem? We need some way for Alice to know that she actually got Bob's public key, and this is where the idea of a certificate authority comes into play. Certificate authorities are these entities that have been established that provide what we can think of as a root of trust. So assuming I trust the certificate authority, what will happen is that Bob will go to the certificate authority and say, "I want you to validate that this is my public key," and the certificate authority will sign it using its own key. And then when Alice is exchanging data with Bob and she gets this key right here, she'll see that it's not signed properly, because Charles is not Bob and Charles can't get the key signed by the certificate authority.

So certificate authorities have to be... there's this human element. If you really want to get a strong certificate from a certificate authority, there's usually a process by which they have to validate that you're the business that owns a particular domain, and they might actually talk to you on the phone and things like that. And so there's this human element to it, but at the end of the day what the certificate authority is going to do is attest that a particular certificate belongs to Bob.

So we can see this in action when we go online in our web browser. Let's open up a browser here and do a quick example. Open Chrome, there we go. Okay, so let's go to, like, Wikipedia or something. All right, so this is wikipedia.org, and you can see up here that the site is green. This is Chrome's indication to me that my connection with the site is encrypted and that the site is who I think it is, so I'm not being subject to a man-in-the-middle attack. If I click on this I can pull up more information. It says my connection to the site is private, and it gives me some information about the permissions that site has, but if I click on this it'll actually start to give me more information.

So the page is secure, it's valid HTTPS, and the first thing that it says here is "View certificate": the connection to the site is using a valid, trusted server certificate. What does that mean? It means that a certificate authority that I trust signed the key that I'm using, and so I believe that the key actually belongs to wikipedia.org and not to some other random person who's trying to intercept my traffic.

So let's look over here, and again this will show me more information about the key. I click Details, open this up a bit more. Okay, so I can see that this gives me some sense of how the trust works. I won't go into details here, but certificate authorities are allowed to delegate the ability to sign certificates, and so what this says is that this certificate was issued by GlobalSign Organization Validation CA. It expires (now, certificates have an expiration date) Saturday, December 10th, so the certificate is still valid. And then it gives me some information about the company. Again, in order to sign the certificate, Wikipedia had to provide some information: its organization name is Wikimedia Foundation. It gives me some information about the issuer name, and then some information about the public key itself.

So what this is, is information that the browser is telling me, and what the browser is saying, essentially, is that an entity that I trust has verified that this key is the correct key to use when you communicate with wikipedia.org. And that's how we bootstrap trust on the internet and prevent ourselves from being subject to man-in-the-middle attacks.
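
The check Alice performs in the talk, as an added example that is not part of the video or its captions: a CA signs the binding between the name "bob" and Bob's public key, and Alice rejects any key Charles substitutes. The toy textbook-RSA keys, the certificate layout and all function names are assumptions made for illustration; real certificates use X.509 and padded signatures.

```python
import hashlib

def make_key(p, q, e=65537):
    """Toy textbook-RSA key pair from two primes (no padding; illustration only)."""
    n = p * q
    return {"n": n, "e": e, "d": pow(e, -1, (p - 1) * (q - 1))}

def _digest(subject, n, e, modulus):
    # Hash the name together with the key, so the signature covers the binding.
    body = f"subject={subject};n={n};e={e}".encode()
    return int.from_bytes(hashlib.sha256(body).digest(), "big") % modulus

def issue_cert(signer, subject, pub):
    """Bind a subject name to a public key by signing both with the signer's private key."""
    sig = pow(_digest(subject, pub["n"], pub["e"], signer["n"]), signer["d"], signer["n"])
    return {"subject": subject, "n": pub["n"], "e": pub["e"], "sig": sig}

def alice_accepts(ca_pub, cert, expected_subject):
    """Alice's check: right name, and the CA's signature covers this exact key."""
    if cert["subject"] != expected_subject:
        return False
    expected = _digest(cert["subject"], cert["n"], cert["e"], ca_pub["n"])
    return pow(cert["sig"], ca_pub["e"], ca_pub["n"]) == expected

# Constructed keys built from small Mersenne primes; far too weak for real use.
CA = make_key(2**107 - 1, 2**127 - 1)
BOB = make_key(2**61 - 1, 2**89 - 1)
CHARLES = make_key(2**19 - 1, 2**31 - 1)
CA_PUB = {"n": CA["n"], "e": CA["e"]}  # the only thing Alice trusts in advance

def run_demo():
    bob_cert = issue_cert(CA, "bob", BOB)
    swapped = dict(bob_cert, n=CHARLES["n"], e=CHARLES["e"])  # Charles's key, Bob's signature
    self_signed = issue_cert(CHARLES, "bob", CHARLES)         # Charles vouches for himself
    charles_cert = issue_cert(CA, "charles", CHARLES)         # genuine cert, wrong name
    return {
        "genuine": alice_accepts(CA_PUB, bob_cert, "bob"),
        "swapped_key": alice_accepts(CA_PUB, swapped, "bob"),
        "self_signed": alice_accepts(CA_PUB, self_signed, "bob"),
        "wrong_name": alice_accepts(CA_PUB, charles_cert, "bob"),
    }

if __name__ == "__main__":
    for case, ok in run_demo().items():
        print(f"{case:12} accepted={ok}")
```

Only the certificate the CA issued for "bob" is accepted; the name check matters as much as the signature check, since Charles can hold a perfectly valid certificate for his own name.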
Info
Channel: internet-class
Views: 45,031
Keywords: internet, internet-class.org
Id: 8ItJ-VqYo_s
Length: 6min 18sec (378 seconds)
Published: Mon Oct 17 2016