SLIDE 1
TLS 1.3 Tutorial
IETF 100 - Singapore 20171112 Sean Turner | sn3rd Joe Salowey | Tableau software
Will address TLS 1.3’s:
Whats Wheres Hows
2
TLS 1.3 Tutorial IETF 100 - Singapore 20171112 Sean Turner | sn3rd - - PowerPoint PPT Presentation
TLS 1.3 Tutorial IETF 100 - Singapore 20171112 Sean Turner | sn3rd - - PowerPoint PPT Presentation
TLS 1.3 Tutorial IETF 100 - Singapore 20171112 Sean Turner | sn3rd Joe Salowey | Tableau software Whats Will address TLS 1.3s: Wheres Hows 2 Not too Technical We promise: Lots o Links Lame Nerd Humor 3 Whence does it come? 4
SLIDE 2
SLIDE 3
We promise:
Not too Technical Lots o’ Links Lame Nerd Humor
3
SLIDE 4
Whence does it come?
4
SLIDE 5
Who’s implementing 1.3?
Open source! Browsers! Test servers available!
5
SLIDE 6
Where are the specifications?
6
Working copy Official I-D
SLIDE 7
Where does it sit?
7
IP TCP X Applications
X marks the spot!
SLIDE 8
What does it do?
Begone Eve! Mallory No More!
From xkcd.com
8
SLIDE 9
Wat, Wat! There’s how many protocols!?
9
TCP Record Application Data Handshake Alert Application TLS
SLIDE 10
Wat! Wat! You don’t need to use all the protocols?
10
IP UDP QUIC
Application Shim
TLS
QUIC does not use TLS’ Application Data
SLIDE 11
What was wrong with the previous versions?
11
Lucky 13 BEAST Freak Logjam Drown Crime Breach Triple Handshake Poodle Sweet32 ...
SLIDE 12
What were the design goals?
12
PRIVATE
SLIDE 13
Why is it more secure?
13
SLIDE 14
What did you remove to make it more secure?
14
Static RSA Key Exchange Stream Ciphers Block Ciphers Compression Renegotiation SHA-1
SLIDE 15
Why is it more secure?
Record Payload Algorithms: AEAD-only Key Establishment Algorithms: (EC)DHE or PSK Convergence of PSK, Session Resumption, Session Tickets and 0-RTT
15
>100 005
TLS1.2 TLS1.3 Cipher Suites
SLIDE 16
What algorithms are supported?
AEAD: AES-GCM, AES-CCM, CHACHA20-Poly1305 ECs: Sig: p256, p384, p521, EdDSA (25519 and 448) KE Groups: p256, p384, p521, 25519, 448 Named FFDHE Groups RSA-PSS Signatures
16
SLIDE 17
OLD: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 NEW: a la carte
How do you specify ciphers?
17
Bulk AEAD Encryption Cipher Suite Key Exchange Supported Groups Extension Authentication Signature Algorithm Extension Pre-shared Key PSK Extension
IANA Registry will include Recommended column
SLIDE 18
Come again - it’s faster?
18
Handshake AppData Handshake Handshake
TLS1.2
Handshake AppData
TLS1.3
Handshake AppData Handshake Handshake AppData HTTP starts here
SLIDE 19
What are the normal modes?
19
Authentication KeyShare ServerHello KeyShare ClientHello AppData Authentication AppData ServerParams
1-RTT Resumption (PSK)
Opt KeyShare ClientHello PSK_KE_mode PSK_ID Authentication KeyShare ServerHello AppData ServerParams Authentication AppData
SLIDE 20
Is that *all* you got?
20
Handshake AppData Handshake AppData Handshake AppData
TLS1.3 0-RTT Data
HTTP starts here PFS starts here WARNING: 0-RTT Data is replayable and not PFS!
SLIDE 21
It supports record protection?
21
Padding for Length Hiding Unencrypted ContentType and Version no longer meaningful
SLIDE 22
You turned PFS on!?
Perfect Forward Secrecy is the default. Also available with PSK modes.
22
SLIDE 23
You’re encrypting more early though, right!?
23
KeyExchange Extensions Authentication KeyExchange AppData ServerParams Authentication AppData ClientID SNI and ALPN PFS! cleartext encrypted encrypted ServerID SessionTicket
SLIDE 24
What’s not to like!?
24
SLIDE 25
TLS1.3-related drafts
25
Working copy Official I-D
TLS1.3 Test Vectors
Working copy Official I-D
DTLS1.3
SLIDE 26
please tell us what you thought about this session: https://www.surveymonkey.com/r/100tls
26