IETF Approves TLS 1.3 As Internet Standard (bleepingcomputer.com)

← Back to Stories (view on slashdot.org)

IETF Approves TLS 1.3 As Internet Standard (bleepingcomputer.com)

Posted by msmash on Monday March 26, 2018 @06:54AM from the next-up dept.

An anonymous reader writes: The Internet Engineering Task Force (IETF), the organization that approves proposed Internet standards and protocols, has formally approved TLS 1.3 as the next major version of the Transport Layer Security (TLS) protocol. The decision comes after four years of discussions and 28 protocol drafts, with the 28th being selected as the final version. TLS 1.3 is now expected to become the standard method in which a client and server establish an encrypted communications channel across the Internet -- aka HTTPS connections.

The protocol has several advantages over its previous version -- TLS 1.2. The biggest feature is that TLS 1.3 ditches older encryption and hashing algorithms (such as MD5 and SHA-224) for newer and harder to crack alternatives (such as ChaCha20, Poly1305, Ed25519, x25519, and x448). Second, TLS 1.3 is also much faster at negotiating the initial handshake between the client and the server, reducing the connection latency that many companies cited when justifying not supporting HTTPS over HTTP.

Browsers like Chrome, Edge, Firefox, and Pale Moon have already rolled out support for earlier versions of the TLS 1.3 draft, and are now expected to update this support to the official standard.

4 of 84 comments (clear)

Min score:

Reason:

Sort:

PFS made it by bill_mcgonigle · 2018-03-26 06:59 · Score: 5, Informative

I'm pretty sure this means the efforts to make PFS optional failed:

IETF members voted the protocol unanimously, even after members of the financial sector asked for the introduction of a backdoor in the protocol's structure, so financial institutions could decrypt TLS 1.3 traffic inside internal networks.
The proposal was laughed off by experts, who pointed out that the backdoor would effectively make TLS 1.3 useless in the first place.

--
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
Not a feature.... by shaitand · 2018-03-26 07:09 · Score: 3, Insightful

"The biggest feature is that TLS 1.3 ditches older encryption and hashing algorithms (such as MD5 and SHA-224) for newer and harder to crack alternatives"

Adding support for bigger and better algorithms and defaulting to them if available is a feature, dropping support is a nightmare. It's challenging enough communicating with things like embedded web servers on old ilo interfaces and the like because they did this with TLS 1.3. It should be strongly advised to update to the latest and greatest but it shouldn't be forced because it isn't always possible.
1. Re: Not a feature.... by ERJ · 2018-03-26 07:27 · Score: 3, Informative
  
  The fallback would happen at the protocol level if you need older crypto standards (I.e. TLS 1.3 fallback to TLS 1.2).
Re:A better alternative. by Alain+Williams · 2018-03-26 07:27 · Score: 4, Interesting

But I wish they would find a way to make encryption secure and much more cheaper (Certificates are still a killer, in terms of ease of installing, and price you often need to pay for them, for the amount of actual validation they give you for it)
Try looking at Let's Encrypt if you want free certificates.