david wong

Hey! I'm David, a security consultant at Cryptography Services, the crypto team of NCC Group . This is my blog about cryptography and security and other related topics that I find interesting.

TLS 1.3 is out!

posted last month

TLS 1.3 has been released as RFC 8446. It took 28 drafts and more than 4 years since draft 0 to come out. Cloudflare has a long blog post about it. Some questions about the deployment of 1.3:

  • Will we see a fast deployment of the protocol? It seems like browsers are ready, but web servers will have to follow.
  • Who will use 0-RTT? I'm expecting the big players to use it (largely because they've been requesting it) but what about the small ones?
  • Are we going to see vulnerabilities in the protocol? It seems highly unlikely, TLS 1.2 itself (with AES-GCM) has remained solid for more than 10 years.
  • Are we going to see vulnerabilities in the implementations? We will see about that. If anything happens, I'm expecting it to happen around 0-RTT, PSKs and key exports. But let's hope that libraries have learned their lessons.
  • Is BearSSL going to implement TLS 1.3? It sounds like it.
Well done! You've reached the end of my post. Now you can leave me a comment :)