Slashdot Mirror


Internet Engineering Task Force Releases the Final Version of TLS 1.3; Newest Chrome and Firefox Versions Already Support a Draft Version of It (cnet.com)

The encryption that protects your browser's connection to websites is getting a notch faster and a notch safer to use. From a report: That's because the Internet Engineering Task Force (IETF) on Friday finished a years-long process of modernizing the technology used to secure website communications. You may never have heard of Transport Layer Security -- TLS for short -- but version 1.3 is now complete and headed to websites, browsers and other parts of the internet that rely on its security. "Publishing TLS 1.3 is a huge accomplishment. It is one of the best recent examples of how it is possible to take 20 years of deployed legacy code and change it on the fly, resulting in a better internet for everyone," said Nick Sullivan, head of cryptography for Cloudflare, which helps customers distribute their websites and other content around the world, in a blog post.

TLS 1.3 brings some significant improvements over TLS 1.2, which was finished 10 years ago. Perhaps first on the list is that it'll mean websites load faster. Setting up an encrypted connection on the web historically has caused delays since your browser and the website server must send information back and forth in a process called a handshake. The slower your broadband or the more congested your mobile network is, the more you'll notice these delays.
Firefox and Chrome already support a draft version of TLS 1.3.

28 comments

  1. Skipping the handshake by Anonymous Coward · · Score: 0

    I can already see the DDoS of the future from here.

    1. Re: Skipping the handshake by Anonymous Coward · · Score: 0

      NERD!!!!

      It's swirley time!!!!! Line up nerds!!!!

    2. Re:Skipping the handshake by Anonymous Coward · · Score: 0

      Imagine a distributed cluster of handshakes encrypting and decrypting each other. It overcharges the CPU, and worse if the device is a smartphone.

      I thought that the middle man is the main risk.

    3. Re:Skipping the handshake by Anonymous Coward · · Score: 0

      I can already see the DDoS of the future from here.

      Nothing is being skipped. TLS 1.3 remembers it shook your sweaty slimy hand in the past and seeks to avoid that experience in the future.

    4. Re: Skipping the handshake by Anonymous Coward · · Score: 0

      There was a good talk at Black Hat about a new feature "0-RTT". It allows replays, which means you have to pick/choose carefully where to enable that feature.
      0RTT is supposed to improve performance on mobile connections.
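
An added example, not part of the thread or of any TLS library's code: one way an origin can choose which requests it honors from 0-RTT early data, so that a replayed request cannot repeat a state change. It assumes a TLS terminator in front of the origin that sets the `Early-Data: 1` header defined in RFC 8470; the `Request` type, the paths and the allow-list are hypothetical.

```python
from dataclasses import dataclass, field

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}  # no server-side state change expected

@dataclass
class Request:
    method: str
    path: str
    headers: dict = field(default_factory=dict)

def sent_as_early_data(req):
    # RFC 8470: the TLS-terminating intermediary marks requests it received
    # in early data (before the handshake finished) with "Early-Data: 1".
    return req.headers.get("Early-Data", "").strip() == "1"

def gate(req, replay_safe_paths):
    """Status to answer with before any handler runs."""
    if not sent_as_early_data(req):
        return 200  # handshake completed first: normal processing
    if req.method in SAFE_METHODS and req.path in replay_safe_paths:
        return 200  # explicitly allow-listed as harmless if replayed
    return 425      # Too Early: client must retry after the full handshake

def deliver(requests, replay_safe_paths, gated=True):
    """Return (statuses, number of state-changing handlers that ran)."""
    statuses, state_changes = [], 0
    for req in requests:
        status = gate(req, replay_safe_paths) if gated else 200
        if status == 200 and req.method not in SAFE_METHODS:
            state_changes += 1  # stands in for e.g. a payment being executed
        statuses.append(status)
    return statuses, state_changes

# Constructed sample traffic (not captured from a real system).
ALLOW = {"/static/app.css"}
early_post = Request("POST", "/transfer", {"Early-Data": "1"})
TRAFFIC = [
    early_post,                                            # original 0-RTT request
    early_post,                                            # replayed copy
    Request("GET", "/static/app.css", {"Early-Data": "1"}),
    Request("GET", "/account", {"Early-Data": "1"}),       # safe method, not allow-listed
    Request("POST", "/transfer"),                          # client retry after handshake
]

if __name__ == "__main__":
    print("gated:  ", deliver(TRAFFIC, ALLOW, gated=True))
    print("ungated:", deliver(TRAFFIC, ALLOW, gated=False))
```
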

  2. Pretty fly by jargonburn · · Score: 2, Insightful

    From Wikipedia:

    TLS 1.3 was added to Firefox 52.0, which was released in March 2017

    TLS 1.3 was defined in RFC 8446 in August 2018.

    And the summary:

    it is possible to take 20 years of deployed legacy code and change it on the fly

    First, I disagree with "on the fly" in this context.

    Second, *shudder*

    1. Re:Pretty fly by mmmVenison · · Score: 1

      TLS 1.3 was added to Firefox 52.0, which was released in March 2017

      TLS 1.3 was defined in RFC 8446 in August 2018.

      It was obviously built out of tachyons.

      --
      Offended? Find a safe space and cry yourself to sleep.

    2. Re:Pretty fly by williamyf · · Score: 1

      No, it is not made of tachyons. The way standards work is that drafts are circulated, and barring any major weirdass corner cases, what is ratified is pretty close, if not exactly equal, to the draft.

      Remember all those "Pre-n" wifi APs at the end of last decade? Similar thing.

      Therefore support for TLS 1.3 (as described in the draft) was added to Firefox 52, and the draft was ratified into official standard in Aug 2018. No tachyons involved.

      --
      *** Good luck to everyone and have a happy day!

    3. Re:Pretty fly by jargonburn · · Score: 1

      I'm quite well aware of the "draft" versions of standards... my joke was in regards to the "on the fly" bit. :-)

  3. Draft post. by Anonymous Coward · · Score: 0

    Might explain why I'm having so many TLS problems, from slow connection, to can't access.

  4. Brainpool curves banned in TLS v1.3, bad security by ad454 · · Score: 2

    Elliptic prime field curves including NIST and Dan Bernstein curves which have pseudo-Mersenne primes with sparse representation are allowed in TLS v1.3.

    However Brainpool curves with "random-like" non-sparse primes, are banned in TLS v1.3, even though these curves provide additional security protection against refined power analysis attacks including those that utilize zero values and zero coordinates. Note Brainpool curves are currently supported in TLS v1.2.

    I am not against TLS v1.3 support for sparse prime curves, but it is bad for security not to also include an option to include the most popular non-sparse prime curves, when TLS v1.2 has it, especially in use cases where protection against physical attacks is required.

  5. How much involvement from the NSA ? by Alain+Williams · · Score: 1

    We are told The new protocol aims to comprehensively thwart any attempts by the NSA and other eavesdroppers to decrypt intercepted HTTPS connections, but can anyone say for sure that the spooks had not slipped something in? They have plenty of budget and the ability to make secret court orders.

    1. Re:How much involvement from the NSA ? by Anonymous Coward · · Score: 0

      We are told The new protocol aims to comprehensively thwart any attempts by the NSA and other eavesdroppers to decrypt intercepted HTTPS connections, but can anyone say for sure that the spooks had not slipped something in? They have plenty of budget and the ability to make secret court orders.

      Spend any time browsing TLS mailing lists and you'll find an alarming lack of individuals with proper background to evaluate the protocol. It's more likely NSA felt wasting resources on intentional subversion was unnecessary and redundant.

    2. Re:How much involvement from the NSA ? by arglebargle_xiv · · Score: 3, Interesting

      Spend any time browsing TLS mailing lists and you'll find an alarming lack of individuals with proper background to evaluate the protocol. It's more likely NSA felt wasting resources on intentional subversion was unnecessary and redundant.

      That was certainly the case with 1.3. It's not that there weren't good cryptographers involved, but you need to look at the way the protocol was designed. It has every feature that every person on the mailing list who works for a large Internet company (so Google, Facebook, Akamai, Cloudflare, and a few others) could think of in it, and then some more stuff added by other players where no-one was interested enough to challenge the addition. The crypto parts may be OK, but the whole protocol is such a monstrous destructively-interacting clusterfuck of every feature that Google wanted for its use, every feature that Facebook wanted for its use, every feature that Akamai wanted for its use, and more, that it's going to be years, if ever, before all the problems get sorted out.

      The OP mentions "20 years of deployed legacy code", that's 20 years of code that's been tuned and fixed up to address issues, not 20 year-old abandonware. TLS 1.3 resets the counter to 0-day, everyone needs to start again from scratch to play catch-up with all the problems that are hiding in there.

      So yes, the NSA didn't need to do anything to fsck things up, the design process has already taken care of that.

  6. Would need to be very, very clever. And they aren't by raymorris · · Score: 1

    One would need to be very, very clever to "slip something in" to TLS 1.3. A lot of very smart people have been looking at it very closely for a long time.

    In my experience, the saps who take jobs at government salaries aren't all that clever most of the time. Heck, look at who has the TOP job in the federal government. ;)

    I can't prove that an alien spaceship won't land on my lawn tonight, but I consider it unlikely.

  7. Re:Brainpool curves banned in TLS v1.3, bad securi by fahrbot-bot · · Score: 1

    Elliptic prime field curves including NIST and Dan Bernstein curves which have pseudo-Mersenne primes with sparse representation are allowed in TLS v1.3.

    TLS v1.4 will use Amazon Prime field curves ...

    --
    It must have been something you assimilated. . . .

  8. Cloudflare by c++horde · · Score: 3, Interesting

    Be very wary of Cloudflare. This company wants all of your DNS traffic, had Mozilla build it into their web browser under the guise of DNS privacy, now we have TLS 1.3, which they have been pushing hard. There is something in TLS 1.3 that benefits Cloudflare and it will be a matter of time before we know. This increased speed they claim is relative, the "less hacks" from older ciphers is easily dealt with, but the fingerprint that is in the messages is alarming.

  9. TLS implementations allowed more protocols anyway. by Anonymous Coward · · Score: 0

    Even if they are "banned" (which IMHO was a deliberate NSAsshole move), a TLS implementation can still offer arbitrary curves, ciphers, etc.
    All it means is that implementations are not forced to offer those curves/ciphers, but are expected to offer those that are included in the standard.
    And it means I can just set my software or my installation to not accept those ones that I do not trust, but include Brainpool anyway, if I so desire. And if the other side does not like that, it can go fuck its untrustworthy self.

  10. Re:Brainpool curves banned in TLS v1.3, bad securi by fibonacci8 · · Score: 2

    I'm holding out for TLS v1.5 with Optimus Prime curves.

    --
    Inheritance is the sincerest form of nepotism.

  11. Re:Would need to be very, very clever. And they ar by Anonymous Coward · · Score: 0

    One would need to be very, very clever to "slip something in" to TLS 1.3. A lot of very smart people have been looking at it very closely for a long time.

    Heard this bullshit so many times I immediately dismiss it out of hand every time it's invoked. If you have objective evidence of merit supporting an assertion to share with us it is most welcomed. Nebulous characterizations that do nothing more than communicate your seemingly ill-informed OPINION have no value to myself or anyone else.

    In my experience, the saps who take jobs at government salaries aren't all that clever most of the time.

    NSA is TOP employer of mathematicians in the United States.

    Heck, look at who has the TOP job in the federal government. ;)

    Obviously (also) irrelevant.

    I can't prove that an alien spaceship won't land on my lawn tonight, but I consider it unlikely.

    Yawn... this too.

  12. Re:Brainpool curves banned in TLS v1.3, bad securi by Anonymous Coward · · Score: 0

    You will have to wait a little bit, this version is not expected before DeceptiCON 2020.

  13. Re:Brainpool curves banned in TLS v1.3, bad securi by Anonymous Coward · · Score: 0

    Ha!, this post is clearly fake!.

    Optimus has never been known for its "curves". Bumblebee, on the other hand...

  14. Re:Brainpool curves banned in TLS v1.3, bad securi by Anonymous Coward · · Score: 0

    They may have aligned with findings from the SafeCurves project.

  15. Re:Brainpool curves banned in TLS v1.3, bad securi by thegarbz · · Score: 1

    However Brainpool curves with "random-like" non-sparse primes, are banned in TLS v1.3, even though these curves provide additional security protection against refined power analysis attacks including those that utilize zero values and zero coordinates. Note Brainpool curves are currently supported in TLS v1.2.

    I really miss the discussions about things like string theory, at least they pretend to be in English.

    I think my brain was Slashdotted by your post, oldschool style :)

  16. News for numpties by coofercat · · Score: 1

    "You may never have heard of Transport Layer Security -- TLS for short"

    Sheesh... what site do the editors think they're on?