dont put lists inside <p> tags

This commit is contained in:
forest 2021-01-30 22:41:20 -06:00
parent 01a31be091
commit bef26c38cf

View File

@ -27,6 +27,7 @@
<p>
Computers can generate <b>"key pairs"</b> which consist of a public key and a private key. Given a <b>public key pair A</b>:
</p>
<ol>
<li>
A computer which has access to <b>public key A</b> can encrypt data,
@ -38,15 +39,19 @@
thus <b>PROVING</b> the message must have come from someone who posesses <b>private key A</b>
</li>
</ol>
<p>
Key exchange is a process in which two computers, Computer A and Computer B (often referred to as Alice and Bob)
both create key pairs, so you have <b>key pair A</b> and <b>key pair B</b>, for a total of 4 keys:
</p>
<ol>
<li><b>public key A</b></li>
<li><b>private key A</b></li>
<li><b>public key B</b></li>
<li><b>private key B</b></li>
</ol>
<p>
In simplified terms, during a key exchange,
</p>
<ol>
<li><b>computer A</b> sends <b>computer B</b> its public key</li>
<li><b>computer B</b> sends <b>computer A</b> its public key</li>
@ -55,6 +60,7 @@
<li><b>computer B</b> sends <b>computer A</b>
a message which is encrypted with <b>computer A</b>'s public key</li>
</ol>
<p>
The way this process is carried out allows A and B to communicate with each-other securely, which is great, <br/><br/>
<b><u>HOWEVER, there is a catch!!</u></b>
@ -115,7 +121,7 @@
Critically, issue date, expiration date, and the domain name of the web server, like foo.example.com, would have to be included
in the x.509 certiciate along with the public key.
This way, when the user types https://foo.example.com into thier web browser:
</p>
<ol>
<li>The web browser sends a TLS ClientHello request to the server</li>
<li>
@ -143,7 +149,6 @@
</li>
<li>Assuming all the checks pass, the web browser trusts the certificate and connects</li>
</ol>
</p>
<p>
This system enabled the internet to grow and flourish:
purchasing from a CA was the only way to get a valid X.509 certificate for a website,
@ -155,6 +160,7 @@
</p>
<p>
The TLS+X.509 Certificate Authority works well for HTTP and other application protocols, because
</p>
<ul>
<li>Most internet users don't have the patience to manually verify the authenticity of digital certificates.</li>
<li>Most internet users don't understand or care how it works; they just want to connect right now.</li>
@ -163,7 +169,6 @@
<li>The centralization & problematic power dynamic which CAs represent
is easily swept under the rug, if it doesn't directly or noticably impact the average person, who cares?</li>
</ul>
</p>
<p>
However, this would never fly with SSH. You have to understand, SSH does not come from Microsoft, it does not come from Apple,