
Blog

HTTP/2 Main Points

This blog is my reading notes for the book HTTP/2 in Action. It assumes knowledge of HTTP/1.1, as I will only show the drawbacks of HTTP/1.1 that HTTP/2 intends to solve.

The book itself is nice and covers all the main features in detail. The only problem is that the epub version has lost several diagrams, and the contents of frames occupied a few pages when reading on my Kindle :(

Handshake in TLS 1.3

This blog records my takeaway notes on the TLS 1.3 handshake. To understand it, several basic crypto algorithms are required, such as SHA (Secure Hash Algorithm), DHE (ephemeral Diffie-Hellman key exchange), KDF (key derivation function), DSA (digital signature algorithm) and AES. An understanding of PKI (public key infrastructure) is needed as well.

In this blog, the underlying math is not the focus. Instead, we focus on the overall workflow. The full details are specified in RFC 8446.

Company IPS Plays MITM for the openai.com

Recently, one of my friends told me that my company alerts you when you open OpenAI, suggesting that you use the company's internal GPT tool. However, the browser still treats this connection as secure because it satisfies the HTTPS requirement.


This is indeed a man-in-the-middle attack: the middle man hijacks your connection and then establishes another connection to communicate. The root cause is that on your company device, the certificates of the company's IPS are forcibly trusted. As a result, technically they could monitor and modify your requests when necessary.