Transport Layer Security (TLS)
On September 11, 2017, the Google Chrome security team announced a plan to stop trusting certificates issued from the Symantec certificate authority. The Chrome team announced the plan after reports that some of Symantec's certificate issuing organizations were issuing certificates to domains that weren't properly verified. Why is it so important that the Google Chrome team monitors the trustworthiness of certificates?
If a cybercriminal acquires a certificate for a domain they don't own, they can use that to secretly steal private data from that domain's website users.
What types of encryption are used in the TLS protocol to ensure secure communication between a client and server?
It starts with public key encryption and then uses symmetric encryption.
What best describes the different responsibilities of the TCP and TLS protocols?
TCP is responsible for breaking messages into packets and making sure they all arrive. TLS is a layer on top that provides encrypted communication of messages.
The TLS/SSL protocol is only possible due to the invention of encryption techniques that can't be cracked with modern computers. Which of these best describes how TLS depends on encryption techniques?
TLS depends on both public key encryption and symmetric encryption at different stages in the process.
Which best describes how the TLS protocol uses encryption algorithms?
TLS handshake first uses public key encryption to establish a shared key between the two computers, and then uses symmetric encryption with that shared key.
Paula is creating a journalism organization to do investigative reporting. She registers the domain "whistleblowerz.org" and signs up with a hosting company to provide an email server, so that the journalists can easily communicate with each other. She's debating whether to acquire a digital certificate for her domain from a certificate authority. What benefit would the certificate bring?
The certificate for "whistleblowerz.org" would associate a public key with the domain, and enable the server to use TLS for secure email sending
Nombeko is creating a social messaging app to use with her friends. She registers the domain "friendzers.com" to host the backend for the app. She then signs up for a digital certificate from a certificate authority and installs the certificate on the domain. What does the certificate prove?
The certificate proves that "friendzers.com" and the associated public key are owned by the same entity.
Mr. Jones bought a server where his students can upload their homework assignments, and mapped it to the domain "writing302.org". He then acquired a digital certificate for "writing302.org" from a certificate authority and installed it on the server.
The certificate proves that "writing302.org" and its associated encryption key are both owned by the same entity.
In 2011, the certificate authority GlobalSign reported that a cybercriminal managed to hack into their user-facing website. Upon discovery, GlobalSign stopped issuing new certificates and asked a security company to investigate whether the cybercriminal had infiltrated their certificate issuing infrastructure as well. They needed to make sure the cybercriminal did not make any false certificates during the attack. Why was it important that GlobalSign took steps to prevent the creation of false certificates?
The cybercriminal could create false certificates linking other organization's domains to their own private key, and then use those certificates during DNS spoofing attacks.
Which of these are NOT a part of the TLS/SSL protocol? 👁️Note that there are 2 answers to this question. Choose 2 answers:
a.Routing messages from computer to computer b.Breaking messages into packets
Which of these functionalities are provided by the TLS/SSL protocols? 👁️Note that there are 2 answers to this question.
a.Verifying a computer has a trusted certificate b.Establishing an encrypted communication channel between 2 computers
