[Cryptography] At what point should people not use TLS?
Bill Frantz
frantz at pwpconsult.com
Mon Apr 11 18:33:16 EDT 2016
On 4/11/16 at 9:27 AM, rsalz at akamai.com (Salz, Rich) wrote:
>>It takes one year for a draft to start showing signs of finalization.
>
>I do not know what this sentence means.
>
>>When will TLS 1.3 be final?
>
>As expressed at last week's IETF meeting, the goal is to be
>"done" at the next meeting IETF-95 in Berlin the third week of
>July. And then go into an extended working group last call, so
>implementation issues (and additional security analysis) can be
>done, and then go into IETF last call perhaps in January?
>
>Note that TLS 1.3 has had extensive input and review by various
>cryptographers, and a workshop (see TRON) devoted to same.

In addition, there are implementations which are tracking the
evolving, but now mostly stable standard. The main lack of
stability is with 0-RTT issues, which are still being discussed
in the working group.

0 Round Trip setup has issues with forward security and client
authentication privacy. It is also a "must have" option for all
the big web sites you have ever heard of. The working group is
trying to come up with a solution which minimizes the risks. If
you care more about security than about session setup time,
don't use 0-RTT. The 1-RTT seems solid.

Cheers Bill
---------------------------------------------------------------------------
Bill Frantz        |"Web security is like medicine - trying to do good for
408-356-8506       |an evolved body of kludges" - Mark Miller
www.pwpconsult.com |