The internet’s most important security protocol is finally moving forward

The long-simmering battle over the future of the internet’s most important security protocol is over: TLS 1.3 was approved by the Internet Engineering Task Force after over four years and 28 drafts of back and forth. TLS secures a huge swath of the internet. HTTPS-enabled websites, like the one you’re visiting, is possible thanks to TLS. TLS is also used to secure email, voice, video and messaging. The newest version, TLS 1.3, is the biggest change in the standard’s two decades of existence. The biggest battle of note over TLS 1.3 was prompted by a push from the Financial Services Roundtable to include and standardize interception so that banks and other data center owners could more easily decrypt connections in order to comply with regulations, implement data loss protection, detect intrusions and malware, capture packets, and mitigate denial of service attacks. Opponents called in an intentional weakness that could put the entire […]

The post The internet’s most important security protocol is finally moving forward appeared first on Cyberscoop.

Continue reading The internet’s most important security protocol is finally moving forward

Big banks want to weaken the internet’s underlying security protocol

The tech and financial industries are butting heads over the latter’s push to intentionally weaken a security protocol that underlies how the public securely accesses the vast majority of the internet. Critics are charging that the financial industry is pushing for a weakness in the new version of the Transport Layer Security (TLS) protocol, all for the sake of avoiding the time, effort and resources needs to adapt to the new standard. TLS is a bedrock internet security protocol used to secure everything from web browsing and email to instant messaging, voice, video and the internet of things. A new version, known as TLS 1.3, will usher in the largest changes in the protocol’s history. Contributors are hammering out the details before the update is likely finalized at the March meeting of the Internet Engineering Task Force (IETF), an independent group that designs internet standards. Heading into the meeting, the financial […]

The post Big banks want to weaken the internet’s underlying security protocol appeared first on Cyberscoop.

Continue reading Big banks want to weaken the internet’s underlying security protocol

You Can Now Help Identify Middleboxes Holding Back TLS 1.3 Adoption

TLS 1.3 promises great improvements for the encrypted Web, both in terms of security and performance. However, its adoption has been held back for the past year by SSL/TLS proxies and other load balancing and traffic monitoring middleboxes that break c… Continue reading You Can Now Help Identify Middleboxes Holding Back TLS 1.3 Adoption