Improving Technical Security 10 August 2018

TLS 1.3 – Internet Security Gets a Boost

By Olaf Kolkman, Principal - Internet Technology, Policy, and Advocacy

Today marks the formal publication of an overhaul of the Transport Layer Security (TLS) protocol. TLS is an Internet standard used to prevent eavesdropping, tampering, and message forgery for various Internet applications. It is probably the most widely deployed network security standard in the world. Often indicated by the small green padlock in a web browser’s address bar [1], TLS is used in financial transactions, by medical institutions, and to ensure secure connections in a wide variety of other applications.

We believe the new version of this protocol, TLS 1.3, published as RFC 8446, is a significant step forward towards an Internet that is safer and more trusted.

Under development for the past four years and approved by the Internet Engineering Task Force (IETF) in March 2018, TLS 1.3 addresses known issues with the previous versions and improves security and performance; in particular, it is able to establish a session more quickly than its predecessors. Because it is more efficient, TLS 1.3 promises better performance for the billions of users and organizations that use TLS every day. As with every IETF standard, TLS 1.3 was developed through open processes and participation, and included contributions from scores of individuals.

Many companies have indicated that they plan to implement and deploy TLS 1.3 in the near future and several have already done so. Part of their readiness can be traced back to the fact that the standard’s development was informed along the way by “running code” – test implementations that helped identify issues in and provide additional clarity to the specification, ensuring TLS 1.3 would not only look good on paper but that it would work well in the real world too. TLS 1.3 was also reviewed extensively by academic security and cryptography experts to help identify and address possible weaknesses before it was widely deployed.

A popular saying in the IETF community is that “there are no protocol police.” This reflects the reality that adoption of IETF protocols is voluntary and each network, enterprise, and Internet user is free to decide whether or not to use them. Given how widely TLS is deployed, it is inevitable that some challenges will be encountered as TLS 1.3 adoption gathers pace. Additional work may be required to address these challenges. However, on balance, TLS 1.3 represents a significant security win for the Internet and its users. We look forward to using it and tracking its adoption on the Internet.

1 – Editor’s Note: The TLS protocol is often mistakenly called “SSL” or “Secure Socket Layer”. SSL was the name of the original protocol developed by Netscape back in the mid-1990s. It was replaced by TLS 1.0 in 1999. (Yes, almost 20 years ago!) TLS 1.0 was in turn replaced by 1.1, 1.2, and now 1.3.

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.
