[HN Gopher] The Illustrated TLS 1.3 Connection
___________________________________________________________________
The Illustrated TLS 1.3 Connection
Author : manchoz
Score : 202 points
Date : 2022-08-03 15:33 UTC (7 hours ago)
(HTM) web link (tls13.xargs.org)
(TXT) w3m dump (tls13.xargs.org)
| MrRadar wrote:
| As noted in the header, there are also versions of this for TLS
| 1.2, DTLS 1.3, and QUIC:
|
| https://tls12.xargs.org/
|
| https://dtls.xargs.org/
|
| https://quic.xargs.org/
| syncsynchalt wrote:
| I don't have it linked in the header but I'm also proud of
| https://curves.xargs.org, a visual explainer that (hopes to)
| give you an understanding of elliptic curve key exchange
| (ECDHE).
| smoldesu wrote:
| That's really slick, one of my favorite animated diagrams is
| the generic Fast Fourier Transform animation, and this
| definitely scratches that same itch. As someone who's
| horribly bad at math and visualizing this stuff, thank you!
| tialaramex wrote:
| Huh, it seems xargs.org is the new name for ulfheim.net?
| Presumably the author fancied a change? At first I thought this
| might be a hijack or a rip-off, but everything checks out.
|
| For what it's worth, I don't recommend name changes. Obviously
| live your own life, but changing your name is a lasting
| inconvenience (ask any married western woman who made the mistake
| of saying "Yeah I'll take his name") and the rewards seem very
| thin.
| syncsynchalt wrote:
| Yes, it's still my site. I mirror all old hostnames across both
| domains but new sites will only have the xargs hostname most
| likely.
|
| It bothered me that anyone wondering about the domain would
| likely do a search on the word and end up at the list of SPLC
| hate groups. My choice was to add a disclaimer to everything I
| publish or just change domain names. I went with the latter.
| jborean93 wrote:
| Thanks for making this wonderful resource. It's been
| invaluable for me to understand the protocol itself.
|
| I'm sorry to hear the original name was hijacked by a hate
| group and you had to go out of your way to avoid such things.
| alfu wrote:
| I thought of ulfheim too and it redirects to the new site.
|
| Author's reasoning:
|
| > A few years ago a hate group started using the "ulfheim" name
| for their own purposes. It's useless trying to reclaim a word,
| so I'm moving to the domain "http://xargs.org".
|
| https://twitter.com/xargsnotbombs/status/1538227164599812096...
| DethNinja wrote:
| Are there any corporate MITMs that can handle TLS 1.3 regardless
| of the client executable?
|
| It looks like TLS 1.3 will eliminate the capture of encrypted
| malware communications.
|
| I'm assuming that most of the corporations will ban use of TLS
| 1.3 which is somewhat problematic for the future of such a core
| protocol.
| mcny wrote:
| This has been argued to death. Previously, on HN:
|
| https://news.ycombinator.com/item?id=12641880
|
| > You're a bit late to the party. We're metaphorically speaking
| at the stage of emptying the ash trays and hunting for the not
| quite empty beer cans.
|
| > I agree, this isn't a low margin business either. We are
| talking about inferior security for all internet users for the
| sake of Wells Fargo's quarterly report.
|
| > most of the corporations will ban use of TLS 1.3
|
| Literally one employee at one bank, Wells Fargo, said anything
| about it, after all was said and done.
|
| If the future of TLS depends on these idiots, we are all doomed
| anyway.
| [deleted]
| 1vuio0pswjnm7 wrote:
| This was submitted not too long ago. I really appreciate this
| approach, where he uses only UNIX utilities and C. There's no Perl,
| Python, Ruby, Go, etc. It is increasingly difficult to find
| "write ups" submitted to HN that do not use scripting languages,
| even though they aim to cover "systems level" topics. I find it
| easier to dissect one like this than one that uses some scripting
| language with third party libraries. Not to mention I would
| rather learn more about the substratum, i.e., the use of UNIX
| utilities and C, than about how to use (non-shell) scripting
| languages for "low level" tasks that can otherwise be done using
| small, independent programs and pipes.
___________________________________________________________________
(page generated 2022-08-03 23:00 UTC)