[Cryptography] At what point should people not use TLS?

Richard Outerbridge outer at interlog.com
Mon Apr 11 20:28:09 EDT 2016


> On 2016-04-11 (102), at 18:33:16, Bill Frantz <frantz at pwpconsult.com> wrote:
> 
> On 4/11/16 at 9:27 AM, rsalz at akamai.com (Salz, Rich) wrote:
> 
>>> It takes one year for a draft to start showing signs of finalization.
>> 
>> I do not know what this sentence means.
>> 
>>> When will TLS 1.3 be final?
>> 
>> As expressed at last week's IETF meeting, the goal is to be "done" at the next meeting IETF-95 in Berlin the third week of July.  And then go into an extended working group last call, so implementation issues (and additional security analysis) can be done, and then go into IETF last call perhaps in January?
>> 
>> Note that TLS 1.3 has had extensive input and review by various cryptographers, and a workshop (see TRON) devoted to same.
> 
> In addition, there are implementations which are tracking the evolving, but now mostly stable standard. The main lack of stability is with 0-RTT issues, which are still being discussed in the working group.
> 
> 0 Round Trip setup has issues with forward security and client authentication privacy. It is also a "must have" option for all the big web sites you have ever heard of. The working group is trying to come up with a solution which minimizes the risks. If you care more about security than about session setup time, don't use 0-RTT. The 1-RTT seems solid.

The big stakes 1% betraying us all over technicalities once again twisted in their favour.

Where have we seen that sort of behaviour before?
__outer



More information about the cryptography mailing list