[Cryptography] pedagogical sources for TLS
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Thu Jan 13 02:42:24 EST 2022
David Wong <davidwong.crypto at gmail.com> writes:
>https://davidwong.fr/tls13/ is a more readable version of the TLS
>specification (it's true that the format for RFCs is quite outdated), with
>some intro videos in major sections (although not all sections have videos,
>sorry about that...)
On the one hand that's an impressive amount of work to make the IPsec-level
complexity (and mess) of TLS 1.3 readable, but I'd argue that if you want to
understand a secure-session protocol you should go with TLS 1.0-2, not TLS 1.3
which is an entirely different protocol tuned not to providing a generic
secure session service but to make content delivery from large Internet
hosting providers as easy as possible for said providers. As such it makes
for an incredibly complex and hard-to-understand protocol because it's solving
a very different problem than TLS 1.0-2 did.
For teaching purposes, I wouldn't use TLS 1.3, you'll be teaching people how
to design an application-specific solution to a particular problem, not a
generic secure-session protocol.
Peter.
More information about the cryptography
mailing list