Skip to main content
  • Time to update the Network Time Protocol

    The Network Time Protocol (NTP) is a foundational Internet standard that has provided clock synchronization between computer systems since the early 1980s. It was first standardized as RFC 958 in Sept 1984 with several revisions in the following years. Discussions have been ongoing in the NTP working group for a few years now about updating NTPv4 to NTPv5. This update is motivated by lessons learned, ongoing vulnerabilities, and emerging use cases.

    • Karen O'DonoghueNTP Working Group Chair
    • Dieter SieboldNTP Working Group Chair
    30 Sep 2022
  • Report from IAB workshop on Analyzing IETF Data (AID) 2021 published

    The Internet Architecture Board (IAB) has published the official report from the workshop on Analyzing IETF Data (AID) 2021.

      28 Sep 2022
    • Applied Networking Research Prize presentations at IETF 115

      The Internet Research Task Force (IRTF) open session at the IETF 115 meeting will feature presentations on research into domain hijacking, the IETF's organizational culture, and DDoS attack detection and mitigation.

        27 Sep 2022
      • Supporting diversity and inclusion at IETF meetings by providing childcare

        Thanks to the generous support of IETF Diversity & Inclusion sponsors, onsite childcare at an IETF meeting was provided for the first time ever during IETF 114. The successful experience and continued support of sponsors means it will again be offered at the IETF 115 meeting on 5-11 November 2022.

          14 Sep 2022
        • IETF Annual Report 2021

          The IETF Annual Report 2021 provides a summary of Internet Engineering Task Force (IETF), Internet Architecture Board (IAB), Internet Research Task Force (IRTF), and RFC Editor community activities from last year.

            9 Sep 2022

          Filter by topic and date

          Filter by topic and date

          TLS 1.3

          • Joseph A. SaloweyTLS Working Group Chair
          • Sean TurnerTLS Working Group Chair
          • Christopher A. WoodTLS Working Group Chair

          10 Aug 2018

          TLS 1.3 updates the most important security protocol on the Internet, delivering superior privacy, security, and performance.

          TLS 1.3 Badge

          Securely sending information over the Internet is a foundation of online commerce, medicine, and other sensitive transactions. For these and many other uses it is critical that transmitted information not be tampered with, forged, or read by anyone other than the sender and receiver. These features have been a key part of the Internet’s growth and are critical to many innovative uses.

          While the most widely used technology providing transport layer security for the Internet traces its origins back to SSL more than 20 years ago, the recently completed TLS 1.3 is a major revision designed for the modern Internet. The protocol has major improvements in the areas of security, performance, and privacy.  

          Although the previous version, TLS 1.2, can be deployed securely, several high profile vulnerabilities have exploited optional parts of the protocol and outdated algorithms. TLS 1.3 removes many of these problematic options and only includes support for algorithms with no known vulnerabilities. Throughout TLS 1.3’s development the IETF TLS working group engaged with the cryptographic research community to analyze, improve, and validate the security of TLS 1.3. This included several workshops where researchers could present their findings, such as the the TRON workshop hosted in connection with the NDSS 2016 conference, and yielded at least 15 highly cited peer reviewed conference papers in notable academic conferences.  

          In contrast to TLS 1.2, TLS 1.3 provides additional privacy for data exchanges by encrypting more of the negotiation handshake to protect it from eavesdroppers.  This enhancement helps protect the identities of the participants and impede traffic analysis. TLS 1.3 also enables forward secrecy by default which means that the compromise of long term secrets used in the protocol does not allow the decryption of data communicated while those long term secrets were in use. As a result, current communications will remain secure even if future communications are compromised.

          With respect to performance, TLS 1.3 shaves an entire round trip from the connection establishment handshake. In the common case, new TLS 1.3 connections will complete in one round trip between client and server. Some applications can now also use modes that deliver data to applications even sooner. These enhancements coupled with efficient modern cryptographic algorithms make TLS 1.3 faster than ever.

          The process of developing TLS 1.3 included significant work on “running code”, a core mantra of the IETF. This meant building and testing implementations by many companies and organizations that provide products and services widely used on the Internet, such as web browsers and content distribution networks. For example, TLS 1.3 was a primary focus of the IETF 98 Hackathon project that brought together people who work on web browsers, websites, and the Internet of Things. This collaboration helps demonstrate interoperability, catch documentation and implementation bugs, and ultimately ensure the specification provides a solid reference for others looking to implement TLS 1.3. This work helped make TLS 1.3 part of the roadmap for many companies and is poised to be quickly and broadly available to a wide range of Internet users. A growing list of implementations can be found here.

          During its development, many individuals contributed their time, energy, and expertise to improve the protocol to its current state. We give special thanks to these contributors. Now that TLS 1.3--both the core protocol and several other specifications that support its implementation and deployment--is in the final stages of completion, we expect adoption to be fast-paced and widespread.

          What do you need to do to take advantage of TLS 1.3? Most modern web browsers and many applications you probably use already support TLS 1.3. For those not currently supporting the protocol, we expect future updates to bring in support.  Similarly, if you manage a website or other online service, the servers and infrastructure you use are likely to start using TLS 1.3 though it is worth double checking with your providers. If you develop or implement the software or services used by others on the Internet and don’t already have TLS 1.3 as part of your roadmap, you should take a look at what others are doing and plan appropriately.

          In short, TLS 1.3 is poised to provide a foundation for a more secure and efficient Internet over the next 20 years and beyond.


          Share this page