Transport Layer Security (TLS)

Transport Layer Security (TLS) encrypts data sent over the Internet to ensure that eavesdroppers and hackers are unable to see what you transmit.

To make the Internet more secure, TLS, the successor to Secure Sockets Layer (SSL), needs to be widely deployed by all kinds of applications across the Internet. People are generally familiar with TLS from the “https” and lock icons seen in web browsers, although often they know it more as “SSL”, but TLS can be used in so many other applications.

We published and promoted resources that would help two audiences:

• Application developers seeking to add TLS support into their applications.
• Network operators seeking to understand how best to support the use of TLS-encrypted applications.

This is particularly critical as the Internet Architecture Board (IAB) has stated the goal of making encryption the default across the Internet.

Basics

• TLS Basics page
• TLS for Applications

You can also visit the following resources:

• Internet Society Pulse platform
• Introduction to PKIs & CAs
• Content roadmap for TLS for Applications

As part of these efforts, we’ll be watching the work of the IETF Working Group called “Using TLS in Applications (UTA)” that is chartered to create a set of security guides to help application developers. More specifically, the UTA WG is charged with coming up with “best practices” for application developers that will help guard against some of the attacks against TLS that are outlined in RFC7457. As those guides become available we’ll be actively promoting them here and to the wider developer community. For more information about UTA, including how to join the public mailing list, please see these links:

• UTA Working Group charter
• UTA documents
• UTA mailing list and archive of mailing list discussions