
      IETF Hackathon: Getting TLS 1.3 working in the browser

      • Nick Sullivan

      17 Apr 2016

      Over the last few years, the IETF community has been focused on improving and expanding the use of the technical foundations for Internet security.

      IETF Hackathon @ IETF 95

      Part of that work has been updating and deploying protocols such as Transport Layer Security (TLS), with the first draft of the latest version of TLS, TLS 1.3, published a bit more than two years ago on 17 April 2014. Since then, work on TLS 1.3 has continued with expert review and initial implementations aimed at providing a solid base for broad deployment of improved security on the global Internet.

      In February of this year, the Internet Society hosted the TRON (TLS 1.3 Ready Or Not) workshop. The main goal of TRON was to gather feedback from developers and academics about the security of TLS 1.3. The conclusion of the workshop was that TLS 1.3 was, unfortunately, not ready yet.

      One of the reasons it was deemed not yet ready was that there needed to be more real-world testing of independently written implementations. There were some implementations of the core protocol, but nobody had put together a full browser-to-server test. And some of the more exciting new features like PSK-based resumption (which brings improved forward secrecy to session tickets) and 0-RTT (which reduces latency for resumed connections) were still unimplemented.

      The latest IETF Hackathon, held two days before IETF 95, provided the kind of focused and collaborative environment that is conducive to working through implementation and interoperability without distraction. In Buenos Aires, I was joined by key members of the Mozilla team (Eric Rescorla, Richard Barnes and Martin Thompson) as well as some other great people who joined the team on the dates of the Hackathon. We had two main stacks to work with: NSS, the cryptography library that powers Firefox; and Mint, a Golang-based implementation created by Richard Barnes that I had set up on tls13.cloudflare.com.

      The goals were:

      • Finish integration with Firefox so we can do an HTTPS request
      • Demonstrate Firefox->CloudFlare interoperability (with tls13.cloudflare.com)
      • Resumption-PSK between NSS and Mint
      • 0-RTT between NSS and Mint
      • 0-RTT in Firefox

      We also had a stretch goal of getting 0-RTT working between Firefox and CloudFlare’s test site.

      Getting TLS 1.3 integrated in Firefox took until late Saturday night (we continued in the hotel bar after the Hackathon room closed), but after fighting through segmentation faults, C++11 lambda issues, and obtaining a trusted certificate through Let’s Encrypt, we were able to see a glorious “Hi there!” with a lock icon in Firefox. By the end of the Hackathon on Sunday, we were able to browse the TLS 1.3 specification on tls13.cloudflare.com with PSK-based session resumption in Firefox.

      Although we were not able to get 0-RTT working between Firefox and CloudFlare in time for the demo (we were so very close), the Hackathon was deemed a success and we were given the “Best Achievement” award. It was a great experience and proved invaluable for understanding how TLS 1.3 will work in practice. I’d like to thank the IETF for hosting this event and Huawei for sponsoring it.

      The work at this Hackathon and the subsequent meetings at IETF 95 have helped solidify the core features of TLS 1.3. In the coming months, the remaining issues will be discussed on the TLS Working Group mailing list with the hope that a final draft can be completed soon after IETF 96 in Berlin.

