Below you will find pages that utilize the taxonomy term “Web”
Posts
read more
The Poor Man's Load Balancer
Domain Name System: traffic distribution on a budget
It’s not magic
What happens when you type leane.dev in
your browser?
As a regular reader of this blog, I am allowing myself to take your everyday example.
You want to access the server hosting this blog, but how do you reach it? On the Internet, routing is done by finding the path to a given Internet Protocol - IP. Thing is: you don’t know my IP, not directly. It’s easier to remember the hostname: leane.dev. Yet, the browser manages to display the blog to you.
Posts
read more
Automating Digital Certificates renewal
Kubernetes cert-manager for LetsEncrypt certificates
Digital Certificates raison d’être and usage
Certificates are exchanged as part of the TLS handshake. This allows the client to ensure the entity it is trying to establish a connection with is authentically the genuine server.
Note: see other posts under this tag for a few words on TLS handshakes and mentions of the attacks it protects against.
A certificate contains: the issuer details, its expiration date, the entity’s public key for asymmetric encryption and a signature (encrypted server’s public key).
Posts
read more
The QUICk brown fox jumps over the lazy dog
The fast alternative to TCP+TLS
What is QUIC?
The Quick UDP Internet Connection (QUIC) protocol is an encrypted connection protocol operating on the Layer 4 - Transport Layer of the OSI model.
Developed at Google around 2012, it has only been adopted as a standard by IETF in 2021.
The current and widely used solution of HTTPS using TLS is built is on top of the TCP protocol. The TCP handshake and the TLS handshake need to be completed to establish a path to communicate between a server and a client. As a result, multiple rounds trips to initiate a connection and negotiate the encryption parameters are required - two at the very least, depending on the TLS version used.
Posts
read more
HSTS & .dev domain
A brief overview of HSTS protocol or why I chose the .dev domain
Quick intro
What happens when you’re back from a family weekend in a cabin in the woods with no internet?
I’d probably check my dog’s instagram account first.
On the browser: instagram.com and … my browser is making a call to http://instagram.com
Exactly! I haven’t explicitly used https, so where does this leave me? Exposed to all sorts of man-in-the-middle attacks that wikipedia can list for us in a scary way - session hijacking, protocol downgrade attack, etc.