Thanks for the comment and noticing that! We also got this for Behind the Scenes: kzbin.info/www/bejne/i2iokH9qrKiDisU

glad you enjoyed it!

I think the video is mirrored.

amazing...

glad you enjoy them!

I wish we were that talented! For details on our build and process, you can check out this article: devcentral.f5.com/articles/lightboard-lessons-behind-the-scenes

Glad someone else feels the same way.

I'm wondering the exact same thing!

Mirroring

That was the very first thing I started wondering as soon as I saw him writing... :)

Thanks Abraham!

glad you enjoyed it!

great question! PFS ciphers are used for the key exchange portion of the TLS handshake, and new bulk encryption session keys are generated for each session. but, for server authentication purposes, many implementations still use RSA, so importing a private key for that purpose might still be needed (although you don't have to use RSA for authentication). hope this helps!

Great question Lokesh! Here's a link to a discussion on Stack Exchange that does a good job of explaining the replay attack: security.stackexchange.com/questions/166156/understanding-a-tls-1-3-0-rtt-replay-attack

Thanks for the comment!!

alright, alright, alright!

side effect of fancy lightboards

glad you enjoyed it!

glad you enjoyed it!

Hi Neil. Thanks for the comment. When I mentioned "share your private key" I was not referring to sharing it with everyone. In some implementations using RSA for key exchange, companies will want to add inline security inspection devices like Data Loss Prevention (DLP) or Intrusion Prevention Systems (IPS), etc. When a user connects to the web server and establishes an encrypted session with the server, no other device can read the contents of the data exchanged between client and server. But, when RSA is used for key exchange, the private key of the server can be shared with these trusted security devices (DLP, IPS, etc) so that they can ultimately decrypt the data and inspect it. This brings up the fundamental problem in TLS 1.3 when PFS key exchange ciphers are used. There's no web server private key to share with these security devices (because the key changes with every new session)...so you have to figure out some other way to let them inspect the traffic. This has created a big headache for many organizations. Thanks again for the comment!

Thanks for clarifying that for me. I guess any man in the middle that has a private key of one of the side will be able to decrypt as it will see the handshake negotiate and will get the new symmetric key each session. Basically government does not allow you to really hide the symmetric data key in order for them to continue reading all information . Tls 1.3 will just prevent tempering to the data so if one government modify the data before second goverment read it they will know :-)

@@neilreonen75 thanks!

Thanks...as you mentioned, it's more of a high-level view of what TLS 1.3 brings. I gave a talk on this at a recent conference and filled up every bit of an hour talking about the details of TLS 1.3, so it's hard to squeeze it all into a shorter video. Thanks for the comment, though!

touche! iPhones have certainly come a long way.

Hi Jason...it's totally true! :) The TLS 1.3 RFC says "Ultimately, servers have the responsibility to protect themselves against attacks employing 0-RTT data replication." - Appendix E.5

@@devcentral i am sure it is. we'll be seeing LOTS of vulnerabilities with TLS 1.3 on the horizon.....

Great question! It's important to note that the replay attack can only happen on the Zero Round Trip Time session resumption feature in TLS 1.3; and even then, it's only possible for the first HTTP request during the resumption. So, the symmetric key is still safe, but the replay attack (if the server allows certain HTTP methods) can still be harmful to the end user or the application. Here's a quick diagram of how the replay attack could work: blog.cloudflare.com/content/images/2017/03/image00.jpg For many applications, the Zero Round Trip Time session resumption is only allowed for HTTP methods that will not change the state of the server and/or application. This effectively means that if a replay attack is launched, the application is not adversely affected. I hope this helps!