Stanford EE Computer Systems Colloquium

4:30 PM, Wednesday, November 14, 2015
NEC Auditorium, Gates Computer Science Building Room B3
Stanford University
http://ee380.stanford.edu

The TLS 1.3 Protocol

Eric Rescorla
Mozilla and RTFM, Inc.

About the talk:

Transport Layer Security (TLS) is used for securing everything from Web transactions (HTTPS) to voice and video calls (DTLS-SRTP). However, the basic design of TLS dates back to the mid-1990s and the protocol is starting to show its age: TLS contains a number of features which no longer seem desirable, and recent analytic work has discovered a number of protocol vulnerabilities (Triple Handshake, Logjam, etc.). In addition, as cryptographic algorithms have gotten faster, handshake latency has become a higher priority, and TLS's current handshake does not reflect the state of the art.

In order to address these issues, the IETF TLS Working Group is currently developing a major revision of TLS, dubbed "TLS 1.3". TLS 1.3 has five major objectives:

  1. Clean up: Remove unused or unsafe features
  2. Security: Improve security by using modern security analysis techniques
  3. Privacy: Encrypt more of the protocol
  4. Performance: Our target is a 1-RTT handshake for naive clients; 0-RTT handshake for repeat connections
  5. Continuity: Maintain existing important use cases

In this talk, we will cover the TLS 1.3 protocol itself, its design process, and current status.

About the speaker:

Eric Rescorla works at Mozilla, where he focuses on networking, security, voice, and video. He is presently the document editor for TLS 1.3 and is working on the TLS 1.3 implementation for Firefox.

Contact information:

Eric Rescorla