/tags/web/ Recent content in Web on Ctrl + Champagne Hugo en-us Thu, 03 Apr 2025 13:45:56 +0000 /posts/dnslb/ Thu, 03 Apr 2025 13:45:56 +0000 /posts/dnslb/ <h2 id="domain-name-system-traffic-distribution-on-a-budget">Domain Name System: traffic distribution on a budget</h2> <h3 id="its-not-magic">It&rsquo;s not magic</h3> <p>What happens when you type <code>leane.dev</code> in your browser?</p> <p>As a regular reader of this blog, I am allowing myself to take your <em>everyday</em> example.</p> <p>You want to access the server hosting this blog, but how do you reach it? On the Internet, routing is done by finding the path to a given Internet Protocol - IP. Thing is: you don&rsquo;t know my IP, not directly. It&rsquo;s easier to remember the hostname: leane.dev. Yet, the browser manages to display the blog to you.</p> /posts/digitcert/ Tue, 11 Feb 2025 13:45:56 +0000 /posts/digitcert/ <h2 id="kubernetes-cert-manager-for-letsencrypt-certificates">Kubernetes cert-manager for LetsEncrypt certificates</h2> <h3 id="digital-certificates-raison-dêtre-and-usage">Digital Certificates raison d&rsquo;être and usage</h3> <p>Certificates are exchanged as part of the TLS handshake. This allows the client to ensure the entity it is trying to establish a connection with is authentically the <em>genuine</em> server.</p> <p>Note: see other posts under this tag for a few words on TLS handshakes and mentions of the attacks it protects against.</p> <p>A certificate contains: the issuer details, its expiration date, the entity&rsquo;s public key for asymmetric encryption and a signature (encrypted server&rsquo;s public key).</p> /posts/quic/ Mon, 10 Feb 2025 13:45:56 +0000 /posts/quic/ <h2 id="the-fast-alternative-to-tcptls">The <em>fast</em> alternative to TCP+TLS</h2> <h3 id="what-is-quic">What is QUIC?</h3> <p>The Quick UDP Internet Connection (QUIC) protocol is an encrypted connection protocol operating on the Layer 4 - Transport Layer of the OSI model.</p> <p>Developed at Google around 2012, it has only been adopted as a standard by IETF in 2021.</p> <p>The current and widely used solution of HTTPS using TLS is built is on top of the TCP protocol. The <a href="https://en.wikipedia.org/wiki/Transmission_Control_Protocol">TCP handshake</a> and the <a href="https://en.wikipedia.org/wiki/Transport_Layer_Security">TLS handshake</a> need to be completed to establish a path to communicate between a server and a client. As a result, multiple rounds trips to initiate a connection and negotiate the encryption parameters are required - two at the very least, depending on the TLS version used.</p> /posts/hsts/ Sat, 08 Feb 2025 13:45:56 +0000 /posts/hsts/ <h2 id="a-brief-overview-of-hsts-protocol-or-why-i-chose-the-dev-domain">A brief overview of HSTS protocol or why I chose the .dev domain</h2> <h3 id="quick-intro">Quick intro</h3> <p>What happens when you&rsquo;re back from a family weekend in a cabin in the woods with no internet?</p> <p>I&rsquo;d probably check my dog&rsquo;s instagram account first. On the browser: instagram.com and &hellip; my browser is making a call to <code>http://instagram.com</code></p> <p>Exactly! I haven&rsquo;t explicitly used <code>https</code>, so where does this leave me? Exposed to all sorts of man-in-the-middle attacks that wikipedia can list for us in a scary way - <a href="https://en.wikipedia.org/wiki/Session_hijacking%22">session hijacking</a>, <a href="https://en.wikipedia.org/wiki/Downgrade_attack">protocol downgrade attack</a>, etc.</p>