To make the Internet more secure, Transport Layer Security (TLS), the successor to Secure Sockets Layer (SSL) needs to be widely deployed by all kinds of applications across the Internet. People are generally familiar with TLS from the “https” and lock icons seen in web browsers, although often they know it more as “SSL”, but TLS can be used in so many other applications.
In this section of the Deploy360 site, we are planning to publish and promote resources that will help two audiences:
- Application developers seeking to add TLS support into their applications.
- Network operators seeking to understand how best to support the use of TLS-encrypted applications.
This is particularly critical now that the Internet Architecture Board (IAB) has stated the goal of making encryption the default across the Internet.
As we build out that content you can visit the following resources:
As part of that, we’ll be watching the work of the IETF Working Group called “Using TLS in Applications (UTA)” that is chartered to create a set of security guides to help application developers. More specifically, the UTA WG is charged with coming up with “best practices” for application developers that will help guard against some of the attacks against TLS that are outlined in draft-sheffer-uta-tls-attacks. As those guides become available we’ll be actively promoting them here and to the wider developer community. For more information about UTA, including how to join the public mailing list, please see these links:
Beyond the work of the UTA working group, of course, our aim is to bring you the best TLS tutorials and other documents we can find. We have a content roadmap we intend to fill – if you know of tutorials or documents we should consider (or have written some), please do let us know!
We’re looking forward to working with you all to collectively make the Internet more secure!