TLS / Transport Layer Security
TLS (Transport Layer Security) is a cryptographic protocol that lets client/server applications communicate in a way designed to prevent eavesdropping, tampering and message forgery.
It evolved from SSL (Secure Sockets Layer) v3.0 and was first defined in RFC 2246 in January 1999. TLSv1.2 was the latest version when this page was written; the IETF TLS working group was then drafting TLSv1.3 (since published as RFC 8446 in August 2018) with the following design goals:
· Develop a mode that encrypts as much of the handshake as possible, to reduce the amount of data observable by both passive and active attackers.
· Develop modes that reduce handshake latency, primarily for HTTP-based applications: one round trip for a full handshake and one or zero round trips for repeated (resumed) handshakes, while maintaining current security features.
· Update the record-payload protection mechanisms and algorithms to address known weaknesses in the CBC block-cipher modes and to replace RC4.
· Re-evaluate the handshake contents, e.g.: Is the time field needed in ClientHello? Should the signature in ServerKeyExchange cover the entire handshake? Are larger random values required? Should there be a distinct cipher list for each version? Are additional mechanisms needed to prevent version rollback?
· The group will consider the privacy implications of TLSv1.3 and, where possible (balancing this against other requirements), aim to make TLSv1.3 more privacy-friendly, e.g. via more consistent application-traffic padding and more considered use of long-term identifying values.
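The third goal (replace RC4, move away from CBC) is one a practitioner can enforce and verify on an existing TLSv1.2 stack today. The following is an added example, not code from the page or from the IETF working group: it builds a Python ssl client context restricted to TLSv1.2+ with AEAD-only suites, then lists what the context would actually offer in its ClientHello and flags anything that is RC4 or CBC-era. The cipher string, the function names and the "aead/legacy/rc4" classification are assumptions of this example; the classifier keys on the OpenSSL and IANA suite names (GCM, CCM, POLY1305) rather than on a registry.

```python
import ssl


def classify_suite(name: str) -> str:
    """Classify a cipher suite name by the kind of record protection it gives.

    AEAD suites (AES-GCM, AES-CCM, ChaCha20-Poly1305) are what TLSv1.3
    mandates; RC4 is broken; anything else that can appear in a TLS cipher
    list (AES-CBC, 3DES, ...) is treated as a CBC-era legacy suite.
    The string labels are an assumption of this example.
    """
    n = name.upper()
    if "RC4" in n:
        return "rc4"
    if "GCM" in n or "CCM" in n or "POLY1305" in n:
        return "aead"
    return "legacy"


def hardened_client_context() -> ssl.SSLContext:
    """Client context that only negotiates TLSv1.2+ with AEAD suites.

    The cipher string is an assumption of this example: (EC)DHE key
    exchange, AES-GCM or ChaCha20-Poly1305, no anonymous suites, no MD5.
    TLSv1.3 suites are not governed by set_ciphers() and stay enabled,
    which is fine because every TLSv1.3 suite is AEAD.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:!aNULL:!MD5")
    return ctx


def permissive_client_context() -> ssl.SSLContext:
    """Comparison context: every TLSv1.2+ suite the linked OpenSSL still offers."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ALL")
    return ctx


def offered_suites(ctx: ssl.SSLContext) -> list:
    # get_ciphers() reports the suites this context would advertise in
    # its ClientHello, TLSv1.3 suites first when the OpenSSL build has them.
    return [c["name"] for c in ctx.get_ciphers()]


def non_aead_suites(ctx: ssl.SSLContext) -> list:
    """Suites the context would still offer that are not AEAD (RC4 or CBC-era)."""
    return [n for n in offered_suites(ctx) if classify_suite(n) != "aead"]


if __name__ == "__main__":
    for label, ctx in (("permissive", permissive_client_context()),
                       ("hardened", hardened_client_context())):
        suites = offered_suites(ctx)
        bad = non_aead_suites(ctx)
        print(f"{label}: {len(suites)} suites offered, {len(bad)} non-AEAD")
        for s in bad:
            print(f"  {s:40s} {classify_suite(s)}")
```

Running it shows the difference between the two contexts: the permissive one still advertises the CBC-era suites that TLSv1.3 removed (OpenSSL names them like ECDHE-RSA-AES256-SHA384, without the word CBC, which is why the classifier treats everything that is not AEAD or RC4 as legacy), while the hardened one offers only AEAD suites. Whether RC4 shows up at all depends on how the linked OpenSSL was built; modern builds omit it entirely.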