Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: TLS 1.3 Internet security protocol was approved

27 Mar 2018   #1
Brink

64-bit Windows 10 Pro
 
 
TLS 1.3 Internet security protocol was approved

Quote:
The long-simmering battle over the future of the internetís most important security protocol is over: TLS 1.3 was approved by the Internet Engineering Task Force after over four years of work and 28 draft versions of the standard.

TLS ó short for Transport Layer Security ó secures a huge swath of the internet. HTTPS-enabled websites, like the one youíre visiting, are possible thanks to TLS. The protocol is also used to secure email, voice, video and messaging. The newest version is the biggest change in the standardís two decades of existence...


Read more: TLS 1.3 approved: The internets most important security protocol is finally moving forward - CyberScoop

See also: Introducing TLS 1.3

Official announcement: https://www.ietf.org/mail-archive/we.../msg17592.html


My System SpecsSystem Spec
.
29 Mar 2018   #2
Botard

Windows 7 guest, Debian host
 
 

Wonderful, banks have to upgrade in order for the new protocol will work for them, and if the decryption specification is added as the want, the TLS 1.3 might be slower than TLS 1.2 because of additional load.
My System SpecsSystem Spec
01 Apr 2018   #3
Alejandro85

Windows 7 Ultimate x64
 
 

TLS 1.3 might be slower than 1.2, but that's not really too much relevant in real life. As many people already researchd on the topic current TLS implementations are quite fast and add a negligible overhead over plain-text connections, but carry a massive security increase. Today having HTTPS is a no-brainer, and plain HTTP should already be considered obsolote by all means.

I would expect banks, credit card processors and anything that requires high confidenciality and security to be the first adopters of this new standard, as those are the ones that'll profit the most. And its users can really also feel safer than before. Just imagine if your bank doesn't offers the latest possible security, would you consider continue working with them? In the long run, I would expect not to.
My System SpecsSystem Spec
.

05 Apr 2018   #4
Botard

Windows 7 guest, Debian host
 
 

Theoretically, "carrying massive security or adding negligible overhead" will increase the number of levels to be transmitted. And, increasing the number of levels will also increase the information capacity (bits/second). Furthermore, increasing the capacity will decrease the number of channels allocated in a medium. The problem is we have a limited bandwidth and is congested. To explain this, If the medium is wired the bandwidth is fix. The same goes to a wireless medium in mobile phones that operates designated frequencies but lower bandwidth than the wired cable use. The tremendous bandwidth we have in communication are those frequencies operated in microwave region and above, the infrared region or light spectrum (fiber optics) but these are use as a backbone communication. Still, our home is wired connected and have wireless interface. These are things to consider in implementing protocols ...

Another thing I like to mention if you allow me which happened in the past, during the 2nd generation of mobile phone had problem with drop calls during peak hours because the channels in cell site were busy. But if we recall it, this was resolved by a Swedish engineer A. K. Erlang that formulated an idea to combine all the channels to use. (That's why the phone traffic is defined erlangs, E). Those days, the authoritative body made agreement to use the same basic standard with additional complexity for browsing Internet for the 3rd generation and so on, and to minimize the amount of data or keeping the channel bandwidth low.

And by the way, when the committee approved a new protocol, it will passed/revised it in congress and signed to the senate or whatever body represents for this in a country. In effect, there will be implementing rules and regulation to financing institution that strictly manage by a government organization in the long run.
My System SpecsSystem Spec
06 Apr 2018   #5
Alejandro85

Windows 7 Ultimate x64
 
 

Quote   Quote: Originally Posted by Botard View Post
Still, our home is wired connected and have wireless interface. These are things to consider in implementing protocols ...
Why do you think those things aren't taken into account?
Security is always a tradeoff of usability/convenience vs security/privacy. And also involves some level of complication in software and overhead. When that overhead is minimal and the benefit is huge, implementing the protocol is a no-brainer. That's the case with TLS and its usage in the web as HTTPS.

You mention trafic congestion unable to add any bit of overhead, but have you measured how much overhead is it? In my quick test, loading this topic on SevenForums consume around 200KB of data, while the overhead of TLS is just around 7KB. That's around 3% of overhead, and this site is quite lightweight. Take a YouTube video for example, maybe 10MB of data, 10KB of overhead can easily be ignored.
A good website I found to explain that is this one:
TLS overhead - netsekure rng

Realitiy is, TLS overhead is real, but minimal. Congestion on some lines can be happen because of raw data size, but TLS contribution is negligible, you won't stop having congestion without HTTPS, nor you will start having adding it. On the other hand, the security it brings is immense, to the point of many internet bussineses depending on it for operation.


Quote   Quote: Originally Posted by Botard View Post
And by the way, when the committee approved a new protocol, it will passed/revised it in congress and signed to the senate or whatever body represents for this in a country. In effect, there will be implementing rules and regulation to financing institution that strictly manage by a government organization in the long run.
Governments are irrelevant here, protocols are discussed among security experts and evaluated based on its technical characteristics, and standards are created/modified/revoked because of those finding. Those organizations are who ultimately decide about the fate of protocols, not politicians.
Adoption, on the other hand, is determined by each one using it, based on his own need. Government decides over implementing those protocols on its own systems, just like any other individual does.
My System SpecsSystem Spec
06 Apr 2018   #6
Botard

Windows 7 guest, Debian host
 
 

Quote   Quote: Originally Posted by Alejandro85 View Post
Why do you think those things aren't taken into account?
These are the things that I'd like to point out about protocols implementation, without a proper protocol the device interface whether in physical or wireless won't work each other, but still they're connected.

Quote   Quote: Originally Posted by Alejandro85 View Post
Realitiy is, TLS overhead is real, but minimal. Congestion on some lines can be happen because of raw data size, but TLS contribution is negligible, you won't stop having congestion without HTTPS, nor you will start having adding it. On the other hand, the security it brings is immense, to the point of many internet bussineses depending on it for operation.
Yes the overhead is minimal considering the fact not all protocols are send at once to the server. The raw data (video/audio/messages) here is another protocol waiting to send when this overhead protocol is set. When it's set, the raw data will route to another channel as usually the case. In other words, there's a delay in respect with different channel use. Plus, this hashing algorithm, encryption, decryption take longer to execute creating significant delay on transmission. -tradeoff


Quote   Quote: Originally Posted by Alejandro85 View Post
Governments are irrelevant here, protocols are discussed among security experts and evaluated based on its technical characteristics, and standards are created/modified/revoked because of those finding. Those organizations are who ultimately decide about the fate of protocols, not politicians.
They had already decided and was approved. So, the next step is to implement it. The doubts that others might not follow is not an issue because there are government organization will impose the new protocol. What do you think the central bank's guidelines, regulation, and supervision for?
My System SpecsSystem Spec
Reply

 TLS 1.3 Internet security protocol was approved




Thread Tools




Similar help and support threads
Thread Forum
Is there a way to make shortcut to Internet Protocol Version 4?
Hello, I have Internet Protocol V4 settings: IP adress: 192.168.0.101 Subnet mask: 255.255.255.0 Default gateway: 192.168.0.1 Preferred DNS server: 192.168.0.1 I want to know if there's some way to make shortcut for these settings so I can click on that shortcut whenever I want to...
Network & Sharing
USB 3.1 Spec Approved, Brings 10Gbps Speeds
Source
News
100W Power Delivery Spec Approved For USB 2.0 And 3.0
Read more at: Maximum PC | 100W Power Delivery Spec Approved For USB 2.0 And 3.0
News
Opera Mini for iPhone Approved!
And available for download in the AppStore immediately. I've just started using it and I've got to say it tops Safari by far. Everything from switching tabs to navigating menus is buttery smooth. Now if only there was a way to set it as the default web browser... ...
Chillout Room


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 05:53.
Twitter Facebook Google+