Skip to main content
  • Starting Consultation on the IASA2 Retrospective

    The IETF Administration LLC (IETF LLC) is soliciting community feedback on the first draft of the IETF Administrative Support Activity (IASA 2.0) retrospective. Our goal is to complete this process by October 2021 so that we can present a final report in November 2021 at IETF-112. This time frame provides significant opportunity for community input and revision of the assessment.

    • Jason LivingoodIETF Administration LLC Board Chair
    24 Jun 2021
  • IETF Administration LLC Completes 2020 Financial Review

    The IETF Administration LLC Board of Directors had received a clean result for its 2020 stand-alone annual financial statement.

    • Sean TurnerIETF LLC Board Treasurer
    24 Jun 2021
  • Public side meetings at IETF meetings

    The feedback provided in post-meeting surveys frequently references the public side meetings that are held during or alongside IETF meetings. Some feedback is about how those meetings are run, while other feedback is about the level of IETF support for side meetings.

    • Lars EggertIETF Chair
    21 Jun 2021
  • QUIC working group looks to bring more security to Internet traffic

    Lucas Pardue serves as co-chair of the IETF QUIC Working Group, which focuses on a standards-track specification for a UDP-based, stream-multiplexing, encrypted transport protocol. The IETF blog recently asked Pardue about the QUIC standards project.

    • Grant GrossIETF Blog Reporter
    14 Jun 2021
  • Q&A with our new Director of Development

    Lee-Berkeley Shaw joins the IETF Administration LLC today as Director of Development. She will focus on designing and delivering the strategy to achieve the IETF’s goals for financial sustainability, with a focus on growing the IETF Endowment. We asked her questions about her plans for the IETF and her background.

    • Grant GrossIETF Blog Reporter
    7 Jun 2021

Filter by topic and date

Filter by topic and date

TLS 1.3

  • Joseph A. SaloweyTLS Working Group Chair
  • Sean TurnerTLS Working Group Chair
  • Christopher A. WoodTLS Working Group Chair

10 Aug 2018

TLS 1.3 updates the most important security protocol on the Internet, delivering superior privacy, security, and performance.

TLS 1.3 Badge

Securely sending information over the Internet is a foundation of online commerce, medicine, and other sensitive transactions. For these and many other uses it is critical that transmitted information not be tampered with, forged, or read by anyone other than the sender and receiver. These features have been a key part of the Internet’s growth and are critical to many innovative uses.

While the most widely used technology providing transport layer security for the Internet traces its origins back to SSL more than 20 years ago, the recently completed TLS 1.3 is a major revision designed for the modern Internet. The protocol has major improvements in the areas of security, performance, and privacy.  

Although the previous version, TLS 1.2, can be deployed securely, several high profile vulnerabilities have exploited optional parts of the protocol and outdated algorithms. TLS 1.3 removes many of these problematic options and only includes support for algorithms with no known vulnerabilities. Throughout TLS 1.3’s development the IETF TLS working group engaged with the cryptographic research community to analyze, improve, and validate the security of TLS 1.3. This included several workshops where researchers could present their findings, such as the the TRON workshop hosted in connection with the NDSS 2016 conference, and yielded at least 15 highly cited peer reviewed conference papers in notable academic conferences.  

In contrast to TLS 1.2, TLS 1.3 provides additional privacy for data exchanges by encrypting more of the negotiation handshake to protect it from eavesdroppers.  This enhancement helps protect the identities of the participants and impede traffic analysis. TLS 1.3 also enables forward secrecy by default which means that the compromise of long term secrets used in the protocol does not allow the decryption of data communicated while those long term secrets were in use. As a result, current communications will remain secure even if future communications are compromised.

With respect to performance, TLS 1.3 shaves an entire round trip from the connection establishment handshake. In the common case, new TLS 1.3 connections will complete in one round trip between client and server. Some applications can now also use modes that deliver data to applications even sooner. These enhancements coupled with efficient modern cryptographic algorithms make TLS 1.3 faster than ever.

The process of developing TLS 1.3 included significant work on “running code”, a core mantra of the IETF. This meant building and testing implementations by many companies and organizations that provide products and services widely used on the Internet, such as web browsers and content distribution networks. For example, TLS 1.3 was a primary focus of the IETF 98 Hackathon project that brought together people who work on web browsers, websites, and the Internet of Things. This collaboration helps demonstrate interoperability, catch documentation and implementation bugs, and ultimately ensure the specification provides a solid reference for others looking to implement TLS 1.3. This work helped make TLS 1.3 part of the roadmap for many companies and is poised to be quickly and broadly available to a wide range of Internet users. A growing list of implementations can be found here.

During its development, many individuals contributed their time, energy, and expertise to improve the protocol to its current state. We give special thanks to these contributors. Now that TLS 1.3--both the core protocol and several other specifications that support its implementation and deployment--is in the final stages of completion, we expect adoption to be fast-paced and widespread.

What do you need to do to take advantage of TLS 1.3? Most modern web browsers and many applications you probably use already support TLS 1.3. For those not currently supporting the protocol, we expect future updates to bring in support.  Similarly, if you manage a website or other online service, the servers and infrastructure you use are likely to start using TLS 1.3 though it is worth double checking with your providers. If you develop or implement the software or services used by others on the Internet and don’t already have TLS 1.3 as part of your roadmap, you should take a look at what others are doing and plan appropriately.

In short, TLS 1.3 is poised to provide a foundation for a more secure and efficient Internet over the next 20 years and beyond.


Share this page