By: Karen O’Donoghue
On 21 February 2016, the “TLSv1.3 Ready or Not?” (TRON) workshop was held in conjunction with the Network and Distributed System Security Symposium (NDSS 2016) in San Diego, California.
The goal of this workshop was to foster cross-collaboration between the research and standardization communities. The workshop was viewed as an opportunity to get security researchers engaged in the analysis of the Transport Layer Security (TLS) 1.3 specification prior to its publication. The thought was that potential flaws in the specification could be identified and corrected earlier in the process. This would be a big benefit to the Internet in general.
TLS is a generic building block that provides confidentiality and integrity in the Internet Protocol suite. It is used to provide end-to-end encryption and authentication for Web, email, and messaging traffic, as well as virtually any other conceivable form of Internet communication. The newest version of TLS, version 1.3, is currently under development in the IETF. Given the frequency with which flaws are being discovered in security protocols, the earlier we get quality researchers engaged, the better.
The workshop was very successful and included a full day of in-depth presentations and discussions featuring selected published research in this space. In keeping with the overall theme of the workshop, several researchers presented approaches and tools for analysis and verification of TLS 1.3. The discussion then turned to ways to improve the secure implementation of TLS 1.3. Finally, there was a discussion of topics related to defending TLS 1.3 against external factors, including the ongoing impact of flaws in Public-Key Cryptography Standards (PKCS) #1 and the issue of metadata leakage and its impact on privacy. The TRON workshop also collected references to related research papers for further analysis.
As a way to further facilitate cross-pollination between the two communities, the TRON programme committee presented an award for the “Best Contribution to the IETF” to Tibor Jager (http://tiborjager.de/) for his work, “On the Security of TLS 1.3 (and QUIC) Against Weaknesses in PKCS #1 v1.5 Encryption”. The award was presented to the workshop participant whose work was most likely to have a positive impact on the IETF work in this space. Part of the award includes Tibor attending IETF 96 in Berlin to further the collaboration with IETF security engineers.
For more information, see the workshop programme at http://www.internetsociety.org/events/ndss-symposium-2016/tls-13-ready-or-not-tron-workshop-programme.