Internet Engineering Task Force Releases the Final Version of TLS 1.3; Newest Chrome and Firefox Versions Already Support a Draft Version of It (cnet.com) 28
The encryption that protects your browser's connection to websites is getting a notch faster and a notch safer to use. From a report: That's because the Internet Engineering Task Force (IETF) on Friday finished a years-long process of modernizing the technology used to secure website communications. You may never have heard of Transport Layer Security -- TLS for short -- but version 1.3 is now complete and headed to websites, browsers and other parts of the internet that rely on its security. "Publishing TLS 1.3 is a huge accomplishment. It is one the best recent examples of how it is possible to take 20 years of deployed legacy code and change it on the fly, resulting in a better internet for everyone," said Nick Sullivan, head of cryptography for Cloudflare, which helps customers distribute their websites and other content around the world, in a blog post.
TLS 1.3 brings some significant improvements over TLS 1.2, which was finished 10 years ago. Perhaps first on the list is that it'll mean websites load faster. Setting up an encrypted connection on the web historically has caused delays since your browser and the website server must send information back and forth in a process called a handshake. The slower your broadband or the more congested your mobile network is, the more you'll notice these delays. Firefox and Chrome already support a draft version of TLS 1.3.
TLS 1.3 brings some significant improvements over TLS 1.2, which was finished 10 years ago. Perhaps first on the list is that it'll mean websites load faster. Setting up an encrypted connection on the web historically has caused delays since your browser and the website server must send information back and forth in a process called a handshake. The slower your broadband or the more congested your mobile network is, the more you'll notice these delays. Firefox and Chrome already support a draft version of TLS 1.3.
Pretty fly (Score:3, Insightful)
TLS 1.3 was added to Firefox 52.0, which was released in March 2017
TLS 1.3 was defined in RFC 8446 in August 2018.
And the summary:
it is possible to take 20 years of deployed legacy code and change it on the fly
First, I disagree with "on the fly" in this context.
Second, *shudder*
Re: (Score:1)
TLS 1.3 was added to Firefox 52.0, which was released in March 2017
TLS 1.3 was defined in RFC 8446 in August 2018.
It was obviously built out of tachyons.
Re: (Score:2)
No, is not made of tachions. The way standards work, is that drafts are circulated, and barring any major weirdass cornercases, what is ratified is pretty close, if not exactly equal tot he draft.
Remember all those "Pre-n" wifi APs at the end of last decade? Similar thing.
Therefore support for TLS 1.3 (as described in the draft) was added to firefox 52, and the draft was ratified into official standard in Aug 2018. No tachions involved.
Re: (Score:2)
Brainpool curves banned in TLS v1.3, bad security (Score:3)
Elliptic prime field curves including NIST and Dan Bernstein curves which have psuedo-mersenne primes with sparse representation are allowed in TLS v1.3.
However Brainpool curves with "random-like" non-sparse primes, are banned in TLS v1.3, even those these curves provide additional security protection against refined power analysis attacks including those that utilize zero values and zero coordinates. Note Brainpool curves are currently supported in TLS v1.2.
I am not against TLS v1.3 support for sparse prime curves, but it is bad for security not to also include an option to include the most popular non-sparse prime curves, when TLS v1.2 has it, especially in use cases where protection against physical attacks is required.
Re: (Score:2)
Elliptic prime field curves including NIST and Dan Bernstein curves which have psuedo-mersenne primes with sparse representation are allowed in TLS v1.3.
TLS v1.4 will use Amazon Prime field curves ...
Re: (Score:3)
Re: (Score:2)
However Brainpool curves with "random-like" non-sparse primes, are banned in TLS v1.3, even those these curves provide additional security protection against refined power analysis attacks including those that utilize zero values and zero coordinates. Note Brainpool curves are currently supported in TLS v1.2.
I really miss the discussions about things like string theory, at least they pretend to be in english.
I think my brain was Slashdotted by your post, oldschool style :)
How much involvement from the NSA ? (Score:2)
We are told The new protocol aims to comprehensively thwart any attempts by the NSA and other eavesdroppers to decrypt intercepted HTTPS connections [theregister.co.uk], but can anyone say for sure that the spooks had not slipped something in ? They have plenty of budget and the ability to make secret court orders.
Re:How much involvement from the NSA ? (Score:4, Interesting)
Spend any time browsing TLS mailing lists and you'll find an alarming lack of individuals with proper background to evaluate the protocol. It's more likely NSA felt wasting resources on intentional subversion was unnecessary and redundant.
That was certainly the case with 1.3. It's not that there weren't good crypotographers involved, but you need to look at the way the protocol was designed. It has every feature that every person on the mailing list who works for a large Internet company (so Google, Facebook, Akamai, Cloudflare, and a few others) could think of in it, and then some more stuff added by other players where no-one was interested enough to challenge the addition. The crypto parts may be OK, but the whole protocol is such a monstrous destructively-interacting clusterfuck of every feature that Google wanted for its use, every feature that Facebook wanted for its use, every feature that Akamai wanted for its use, and more, that it's going to be years, if ever, before all the problems get sorted out.
The OP mentions "20 years of deployed legacy code", that's 20 years of code that's been tuned and fixed up to address issues, not 20 year-old abandonware. TLS 1.3 resets the counter to 0-day, everyone needs to start again from scratch to play catch-up with all the problems that are hiding in there.
So yes, the NSA didn't need to do anything to fsck things up, the design process has already taken care of that.
Would need to be very, very clever. And they arent (Score:2)
One would need to be very, very clever to "slip something in" to TLS 1.3. A lot of very smart people have been looking at it very closely for a long time.
In my experience, the saps who take jobs at government salaries aren't all that clever most of the time. Heck, look at who has the TOP job in the federal government. ;)
I can't prove that an alien spaceship won't land on my lawn tonight, but I consider it unlikely.
Comment removed (Score:3, Interesting)
News for numpties (Score:2)
"You may never have heard of Transport Layer Security -- TLS for short"
Sheesh... what site do the editors think they're on?