
Internet Engineering Task Force Releases the Final Version of TLS 1.3; Newest Chrome and Firefox Versions Already Support a Draft Version of It (cnet.com)

The encryption that protects your browser's connection to websites is getting a notch faster and a notch safer to use. From a report: That's because the Internet Engineering Task Force (IETF) on Friday finished a years-long process of modernizing the technology used to secure website communications. You may never have heard of Transport Layer Security -- TLS for short -- but version 1.3 is now complete and headed to websites, browsers and other parts of the internet that rely on its security. "Publishing TLS 1.3 is a huge accomplishment. It is one of the best recent examples of how it is possible to take 20 years of deployed legacy code and change it on the fly, resulting in a better internet for everyone," said Nick Sullivan, head of cryptography for Cloudflare, which helps customers distribute their websites and other content around the world, in a blog post.

TLS 1.3 brings some significant improvements over TLS 1.2, which was finished 10 years ago. Perhaps first on the list is that it'll mean websites load faster. Setting up an encrypted connection on the web historically has caused delays since your browser and the website server must send information back and forth in a process called a handshake. The slower your broadband or the more congested your mobile network is, the more you'll notice these delays.
Firefox and Chrome already support a draft version of TLS 1.3.

  • Pretty fly (Score:3, Insightful)

    by jargonburn ( 1950578 ) on Monday August 13, 2018 @04:13PM (#57118664)
    From Wikipedia:

    TLS 1.3 was added to Firefox 52.0, which was released in March 2017

    TLS 1.3 was defined in RFC 8446 in August 2018.

    And the summary:

    it is possible to take 20 years of deployed legacy code and change it on the fly

    First, I disagree with "on the fly" in this context.

    Second, *shudder*

    • TLS 1.3 was added to Firefox 52.0, which was released in March 2017

      TLS 1.3 was defined in RFC 8446 in August 2018.

      It was obviously built out of tachyons.

      • No, it is not made of tachyons. The way standards work is that drafts are circulated, and barring any major weirdass corner cases, what is ratified is pretty close, if not exactly equal, to the draft.

        Remember all those "Pre-n" wifi APs at the end of last decade? Similar thing.

        Therefore support for TLS 1.3 (as described in the draft) was added to Firefox 52, and the draft was ratified into an official standard in Aug 2018. No tachyons involved.

        • I'm quite well aware of the "draft" versions of standards...my joke was in regards to the "on the fly" bit. :-)
  • Elliptic prime field curves including NIST and Dan Bernstein curves which have pseudo-Mersenne primes with sparse representation are allowed in TLS v1.3.

    However, Brainpool curves with "random-like" non-sparse primes are banned in TLS v1.3, even though these curves provide additional security protection against refined power analysis attacks including those that utilize zero values and zero coordinates. Note Brainpool curves are currently supported in TLS v1.2.

    I am not against TLS v1.3 support for sparse prime curves, but it is bad for security not to also include an option to include the most popular non-sparse prime curves, when TLS v1.2 has it, especially in use cases where protection against physical attacks is required.

    • Elliptic prime field curves including NIST and Dan Bernstein curves which have pseudo-Mersenne primes with sparse representation are allowed in TLS v1.3.

      TLS v1.4 will use Amazon Prime field curves ...

    • However, Brainpool curves with "random-like" non-sparse primes are banned in TLS v1.3, even though these curves provide additional security protection against refined power analysis attacks including those that utilize zero values and zero coordinates. Note Brainpool curves are currently supported in TLS v1.2.

      I really miss the discussions about things like string theory, at least they pretend to be in English.

      I think my brain was Slashdotted by your post, oldschool style :)

  • We are told "The new protocol aims to comprehensively thwart any attempts by the NSA and other eavesdroppers to decrypt intercepted HTTPS connections" [theregister.co.uk], but can anyone say for sure that the spooks had not slipped something in? They have plenty of budget and the ability to make secret court orders.

    • One would need to be very, very clever to "slip something in" to TLS 1.3. A lot of very smart people have been looking at it very closely for a long time.

      In my experience, the saps who take jobs at government salaries aren't all that clever most of the time. Heck, look at who has the TOP job in the federal government. ;)

      I can't prove that an alien spaceship won't land on my lawn tonight, but I consider it unlikely.

  • "You may never have heard of Transport Layer Security -- TLS for short"

    Sheesh... what site do the editors think they're on?
