
TLS 1.3 Tutorial IETF 100 - Singapore 20171112 Sean Turner | sn3rd - PowerPoint PPT Presentation



  1. TLS 1.3 Tutorial. IETF 100 - Singapore, 20171112. Sean Turner | sn3rd; Joe Salowey | Tableau Software

  2. Will address TLS 1.3’s: Whats, Wheres, Hows

  3. Not too Technical. We promise: Lots o’ Links, Lame Nerd Humor

  4. Whence does it come?

  5. Who’s implementing 1.3? Open source! Browsers! Test servers available!

  6. Where are the specifications? Working copy; Official I-D

  7. Where does it sit? [Stack diagram: Applications / X / TCP / IP] X marks the spot!

  8. What does it do? Begone Eve! Mallory No More! (Comic from xkcd.com)

  9. Wat, Wat! There’s how many protocols!? [Stack diagram: Application / Handshake, Alert, Application Data / TLS Record / TCP]

  10. Wat! Wat! You don’t need to use all the protocols? [Stack diagram labels: Application, Shim, QUIC, TLS, UDP, IP] QUIC does not use TLS’ Application Data

  11. What was wrong with the previous versions? Lucky 13, Crime, BEAST, Breach, Freak, Triple Handshake, Logjam, Poodle, Drown, Sweet32, ...

  12. What were the design goals? PRIVATE

  13. Why is it more secure?

  14. What did you remove to make it more secure? SHA-1, Compression, Stream Ciphers, Static RSA Key Exchange, Renegotiation, Block Ciphers

  15. Why is it more secure? Record Payload Algorithms: AEAD-only. Key Establishment Algorithms: (EC)DHE or PSK. Convergence of PSK, Session Resumption, Session Tickets and 0-RTT. Cipher Suites: TLS1.2 >100, TLS1.3 005

  16. What algorithms are supported? AEAD: AES-GCM, AES-CCM, CHACHA20-Poly1305. ECs: Sig: p256, p384, p521, EdDSA (25519 and 448); KE Groups: p256, p384, p521, 25519, 448. Named FFDHE Groups. RSA-PSS Signatures

  17. How do you specify ciphers? OLD: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384. NEW: a la carte. Bulk AEAD Encryption: Cipher Suite; Key Exchange: Supported Groups Extension; Authentication: Signature Algorithm Extension; Pre-shared Key: PSK Extension. IANA Registry will include Recommended column

  18. Come again - it’s faster? [Diagram comparing TLS1.3 and TLS1.2 message flights (Handshake, AppData), marking "HTTP starts here"]

  19. What are the normal modes? [Two message-flow diagrams. 1-RTT: ClientHello, KeyShare; ServerHello, KeyShare, ServerParams, Authentication, AppData; Authentication, AppData. Resumption (PSK): ClientHello, Opt KeyShare, PSK_KE_mode, PSK_ID; ServerHello, KeyShare, ServerParams, Authentication, AppData; Authentication, AppData]

  20. Is that *all* you got? TLS1.3 0-RTT Data. [Diagram of Handshake and AppData flights, marking "HTTP starts here" and "PFS starts here"] WARNING: 0-RTT Data is replayable and not PFS!

  21. It supports record protection? Padding for Length Hiding. Unencrypted ContentType and Version no longer meaningful.

  22. You turned PFS on!? Perfect Forward Secrecy is the default. Also available with PSK modes.

  23. You’re encrypting more early though, right!? PFS! [Diagram marking which handshake parts are cleartext and which are encrypted; labels: KeyExchange, Extensions, SNI and ALPN, ServerParams, Authentication, ClientID, ServerID, SessionTicket, AppData]

  24. What’s not to like!?

  25. TLS1.3-related drafts: TLS1.3 Test Vectors (Working copy, Official I-D); DTLS1.3 (Working copy, Official I-D)

  26. Please tell us what you thought about this session: https://www.surveymonkey.com/r/100tls
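
Slide 21's two points (padding for length hiding; the unencrypted ContentType and Version no longer meaningful), as an added Python sketch that is not taken from the slides. It frames a TLSInnerPlaintext as in RFC 8446 section 5; the AEAD seal/open step is left out, a 16-byte tag is assumed, and the function names and sample messages are constructed for illustration.

```python
import struct

APPLICATION_DATA = 23     # outer opaque_type of every protected record
HANDSHAKE = 22
LEGACY_VERSION = 0x0303   # outer legacy_record_version, frozen
TAG_LEN = 16              # assumption: AEAD with a 16-byte tag


def build_inner_plaintext(content: bytes, content_type: int, pad_to: int) -> bytes:
    """TLSInnerPlaintext = content || real ContentType || zero padding."""
    if not 0 < content_type < 256:
        raise ValueError("content type must be a non-zero byte")
    inner = content + bytes([content_type])
    if len(inner) > pad_to:
        raise ValueError("content does not fit the padded size")
    return inner + b"\x00" * (pad_to - len(inner))


def parse_inner_plaintext(inner: bytes):
    """Receiver side, after AEAD open: drop trailing zeros, then the last
    byte is the real ContentType. Zeros inside the content are untouched."""
    stripped = inner.rstrip(b"\x00")
    if not stripped:
        # RFC 8446: no non-zero byte means abort with unexpected_message
        raise ValueError("record contains no content type")
    return stripped[:-1], stripped[-1]


def outer_header(inner_len: int) -> bytes:
    """The 5 cleartext bytes on the wire: type 23, 0x0303, ciphertext length."""
    return struct.pack("!BHH", APPLICATION_DATA, LEGACY_VERSION, inner_len + TAG_LEN)


def observer_view(content: bytes, content_type: int, pad_to: int = 64) -> bytes:
    """What a passive observer learns from the record header."""
    return outer_header(len(build_inner_plaintext(content, content_type, pad_to)))


if __name__ == "__main__":
    # Constructed samples: a 40-byte handshake message and a 3-byte app write.
    hs = observer_view(b"\x14\x00\x00\x24" + b"A" * 36, HANDSHAKE)
    app = observer_view(b"GET", APPLICATION_DATA)
    print(hs.hex(), app.hex(), hs == app)
```

Both records produce the same five header bytes, so the real type and the real length are only recoverable after decryption.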
