DeepSec 2016 Talk: TLS 1.3 – Lessons Learned from Implementing and Deploying the Latest Protocol – Nick Sullivan
Version 1.3 is the latest Transport Layer Security (TLS) protocol, which allows client/server applications to communicate over the Internet in a way that is designed to prevent eavesdropping, tampering, and message forgery. TLS is the S in HTTPS. TLS was last changed in 2008, and a lot of progress has been made since then. CloudFlare will be the first company to deploy this on a wide scale. In his talk Nick Sullivan will be able to discuss the insights his team gained while implementing and deploying this protocol. Nick will explore differences between TLS 1.3 and previous versions in detail, focusing on the security improvements of the new protocol as well as some of the challenges his team faces around securely implementing new features such as 0-RTT resumption. He’ll also demonstrate an attack on the way some browsers have chosen to implement TLS 1.3. We asked Nick some questions about his topic of interest.
Please tell us the top 5 facts about your talk.
- You’ll learn about the process of defining an IETF standard
- We’ll explore why AEAD is one of the most important terms in transport security
- I’ll demonstrate how to share connections between C and Go processes
- I’ll share real world data about the benefits of TLS 1.3
- We’ll explore the term “DJB all the things”
How did you come up with it? Was there something like an initial spark that set your mind on creating this talk?
I’ve been working with my team on building a TLS 1.3 implementation for most of the year and thought DeepSec would be a great venue to showcase our work.
Why do you think this is an important topic?
TLS is often the last defence for data sent on the Internet, fixing it and raising the profile of the new version are very important for the future of security online.
Is there something you want everybody to know – Some good advice for our readers maybe?
Cryptography protocols and best practices are constantly changing, it’s easy to configure them insecurely.
A prediction about the future – what do you think will be the next innovations or future downfalls when it comes to particularly your field of expertise / the topic of your talk?
I hope TLS 1.3 gets adopted quickly. The performance gain will be a strong motivator for that. But that also means that TLS 1.3 is probably the last update to TLS that brings something significant other than security benefits, so hopefully we got the security right.
Nick Sullivan is a leading cryptography and security technologist. He currently works on cryptographic products and strategy for CloudFlare. Previously, he held the prestigious title of “Mathemagician” at Apple, where he encrypted books, songs, movies and other varieties of mass media.