3wordchant
/
capsul-flask
1
0
Fork 1
Code Issues Pull Requests 1 Releases Wiki Activity

dont put lists inside <p> tags

This commit is contained in:
forest 2021-01-30 22:41:20 -06:00
parent 01a31be091
commit bef26c38cf
1 changed files with 8 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
capsulflask/templates/about-ssh.html
View File

@ -27,6 +27,7 @@
<p> <p>
Computers can generate <b>"key pairs"</b> which consist of a public key and a private key. Given a <b>public key pair A</b>: Computers can generate <b>"key pairs"</b> which consist of a public key and a private key. Given a <b>public key pair A</b>:
</p>
<ol> <ol>
<li> <li>
A computer which has access to <b>public key A</b> can encrypt data, A computer which has access to <b>public key A</b> can encrypt data,
@ -38,15 +39,19 @@
thus <b>PROVING</b> the message must have come from someone who posesses <b>private key A</b> thus <b>PROVING</b> the message must have come from someone who posesses <b>private key A</b>
</li> </li>
</ol> </ol>
<p>
Key exchange is a process in which two computers, Computer A and Computer B (often referred to as Alice and Bob) Key exchange is a process in which two computers, Computer A and Computer B (often referred to as Alice and Bob)
both create key pairs, so you have <b>key pair A</b> and <b>key pair B</b>, for a total of 4 keys: both create key pairs, so you have <b>key pair A</b> and <b>key pair B</b>, for a total of 4 keys:
</p>
<ol> <ol>
<li><b>public key A</b></li> <li><b>public key A</b></li>
<li><b>private key A</b></li> <li><b>private key A</b></li>
<li><b>public key B</b></li> <li><b>public key B</b></li>
<li><b>private key B</b></li> <li><b>private key B</b></li>
</ol> </ol>
<p>
In simplified terms, during a key exchange, In simplified terms, during a key exchange,
</p>
<ol> <ol>
<li><b>computer A</b> sends <b>computer B</b> its public key</li> <li><b>computer A</b> sends <b>computer B</b> its public key</li>
<li><b>computer B</b> sends <b>computer A</b> its public key</li> <li><b>computer B</b> sends <b>computer A</b> its public key</li>
@ -55,6 +60,7 @@
<li><b>computer B</b> sends <b>computer A</b> <li><b>computer B</b> sends <b>computer A</b>
a message which is encrypted with <b>computer A</b>'s public key</li> a message which is encrypted with <b>computer A</b>'s public key</li>
</ol> </ol>
<p>
The way this process is carried out allows A and B to communicate with each-other securely, which is great, <br/><br/> The way this process is carried out allows A and B to communicate with each-other securely, which is great, <br/><br/>
<b><u>HOWEVER, there is a catch!!</u></b> <b><u>HOWEVER, there is a catch!!</u></b>
@ -115,7 +121,7 @@
Critically, issue date, expiration date, and the domain name of the web server, like foo.example.com, would have to be included Critically, issue date, expiration date, and the domain name of the web server, like foo.example.com, would have to be included
in the x.509 certiciate along with the public key. in the x.509 certiciate along with the public key.
This way, when the user types https://foo.example.com into thier web browser: This way, when the user types https://foo.example.com into thier web browser:
</p>
<ol> <ol>
<li>The web browser sends a TLS ClientHello request to the server</li> <li>The web browser sends a TLS ClientHello request to the server</li>
<li> <li>
@ -143,7 +149,6 @@
</li> </li>
<li>Assuming all the checks pass, the web browser trusts the certificate and connects</li> <li>Assuming all the checks pass, the web browser trusts the certificate and connects</li>
</ol> </ol>
</p>
<p> <p>
This system enabled the internet to grow and flourish: This system enabled the internet to grow and flourish:
purchasing from a CA was the only way to get a valid X.509 certificate for a website, purchasing from a CA was the only way to get a valid X.509 certificate for a website,
@ -155,6 +160,7 @@
</p> </p>
<p> <p>
The TLS+X.509 Certificate Authority works well for HTTP and other application protocols, because The TLS+X.509 Certificate Authority works well for HTTP and other application protocols, because
</p>
<ul> <ul>
<li>Most internet users don't have the patience to manually verify the authenticity of digital certificates.</li> <li>Most internet users don't have the patience to manually verify the authenticity of digital certificates.</li>
<li>Most internet users don't understand or care how it works; they just want to connect right now.</li> <li>Most internet users don't understand or care how it works; they just want to connect right now.</li>
@ -163,7 +169,6 @@
<li>The centralization & problematic power dynamic which CAs represent <li>The centralization & problematic power dynamic which CAs represent
is easily swept under the rug, if it doesn't directly or noticably impact the average person, who cares?</li> is easily swept under the rug, if it doesn't directly or noticably impact the average person, who cares?</li>
</ul> </ul>
</p>
<p> <p>
However, this would never fly with SSH. You have to understand, SSH does not come from Microsoft, it does not come from Apple, However, this would never fly with SSH. You have to understand, SSH does not come from Microsoft, it does not come from Apple,