Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 18 submissions in the queue.

Transport Layer Security Version 1.3 Approved

posted by mrpg on Monday March 26 2018, @11:07AM   Printer-friendly
from the Certificate-verification-failed dept.

takyon writes:

The web will soon be a little safer with the approval of this new security standard

TLS 1.3 makes a few prominent changes that should keep you safe.

  • The "handshake" between client and server has been streamlined and encryption initiated earlier to minimize the amount of data transmitted in the clear.
  • "Forward secrecy," meaning hackers can't skim decryption keys from one exchange and use it to decrypt others later.
  • "Legacy" encryption algorithms have been removed as options, as these could occasionally be forced into use and their shortcomings leveraged to break the cipher on messages.
  • A new "0-RTT," or zero round-trip time, mode in which the server and client that have established some preliminaries before can get right to sending data without introducing themselves to each other again.

The whole standard is 155 pages long, and really only other engineers will want to dig in. But it's available here if you'd like to peruse it or go into detail on one of the new features.

Also at The Register.

Original Submission

 
This discussion has been archived. No new comments can be posted.
Transport Layer Security Version 1.3 Approved | Log In/Create an Account | Top | 29 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by takyon on Monday March 26 2018, @12:50PM

    by takyon (881) <takyonNO@SPAMsoylentnews.org> on Monday March 26 2018, @12:50PM (#658398) Journal

    Reg article says:

    Another very important advantage to TLS 1.3 – but also one that some security experts are concerned about – is called "0-RTT Resumption" which effectively allows the client and server to remember if they have spoken before, and so forego all the checks, using previous keys to start talking immediately.

    That will make connections much faster but the concern of course is that someone malicious could get hold of the "0-RTT Resumption" information and pose as one of the parties. Although internet engineers are less concerned about this security risk – which would require getting access to a machine – than the TLS 1.2 system that allowed people to hijack and listen into a conversation.

    https://www.infosecurity-magazine.com/news/tls-protocol-13-approved/ [infosecurity-magazine.com]

    Specifically, the document stated: “This data is not a forward secret, as it is encrypted solely under keys derived using the offered PSK.

    “There are no guarantees of non-replay between connections. Protection against replay for ordinary TLS 1.3 1-RTT data is provided via the server's Random value, but 0-RTT data does not depend on the ServerHello and therefore has weaker guarantees. This is especially relevant if the data is authenticated either with TLS client authentication or inside the application protocol.”

    The document continued to say that 0-RTT data cannot be duplicated within a connection (i.e. the server will not process the same data twice for the same connection) and an attacker will not be able to make 0-RTT data appear to be 1-RTT data, because it is protected with different keys.

    --
    [SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2