david wong

Hey! I'm David, a security engineer at the Blockchain team of Facebook, previously a security consultant for the Cryptography Services of NCC Group. I'm also the author of the Real World Cryptography book. This is my blog about cryptography and security and other related topics that I find interesting.

TLS 1.3 is out! posted August 2018

TLS 1.3 has been released as RFC 8446. It took 28 drafts and more than 4 years since draft 0 to come out. Cloudflare has a long blog post about it. Some questions about the deployment of 1.3:

  • Will we see a fast deployment of the protocol? It seems like browsers are ready, but web servers will have to follow.
  • Who will use 0-RTT? I'm expecting the big players to use it (largely because they've been requesting it) but what about the small ones?
  • Are we going to see vulnerabilities in the protocol? It seems highly unlikely, TLS 1.2 itself (with AES-GCM) has remained solid for more than 10 years.
  • Are we going to see vulnerabilities in the implementations? We will see about that. If anything happens, I'm expecting it to happen around 0-RTT, PSKs and key exports. But let's hope that libraries have learned their lessons.
  • Is BearSSL going to implement TLS 1.3? It sounds like it.

Leave a comment