The latest version of TLS (the official name for what used to be called
“SSL”, i.e. the protocol that your browser uses for URLs beginning
“https://”) is now an official IETF standard
should not only make the setup of secure connections quicker, but also
harder to crack.
... banks and businesses complained that, thanks to the way the new
protocol does security, they will be cut off from being able to
inspect and analyze TLS 1.3 encrypted traffic flowing through their
networks, and so potentially be at greater risk from attack.
Unfortunately, that self-same ability to decrypt secure traffic on
your own network can also be potentially used by third parties to
grab and decrypt communications.
An effort to effectively insert a backdoor into the protocol was
met with disdain and some anger by internet engineers, many of whom
pointed out that it will still be possible to introduce middleware
to monitor and analyze internal network traffic.
Note the key phrase “forward secrecy”. This means that, even if your
private key should become compromised down the track, this will still
not help attackers decrypt any records they may have kept of your
secure communications prior to that.
And yes, you can expect the usual suspects to be unhappy about the
introduction of such a feature.
Show replies by date