Rootconf Pune edition

On security, network engineering and distributed systems

Lets talk about TLS 1.3

Submitted by Huzaifa Sidhpurwala (@huzaifas) on Sunday, 10 March 2019

Section: Full talk (40 mins) Technical level: Intermediate Category: Security

Abstract

SSL/TLS is probably the most widely used security protocol on the internet. Since Heartbleed was discovered a few years back, this protocol has been constantly audited and evaluated by security researchers around the world. TLS 1.3 is the latest version of the protocol, designed from the ground up to be more secure than its previous versions. This talk discusses new features and security improvements in TLS 1.3.

Outline

We will talk about what SSL/TLS is and why it is important for the internet. We will then take a brief look at a few of the security flaws found in the protocol over the years, and finally look at the security and performance improvements in TLS 1.3. Lastly, we will cover why this should affect you as a systems engineer, system administrator, developer or even as a normal user.

Requirements

Basic understanding of how protocols work, basic understanding of cryptography.

Speaker bio

I work as a Principal Product Security Engineer with Red Hat. I have been involved with high-impact security flaws, especially related to SSL/TLS, over the last 10 years. I am a part of various upstream security teams and a contributor to the Fedora security team.

Slides

https://www.slideshare.net/HuzaifaSidhpurwala/rootconf2019

Comments

  • Anwesha Das (@anweshasrkr) 7 months ago

    Hi, thank you for submitting the talk. Can you please upload the slides and a preview video? It helps us to evaluate the talk.

  • Anwesha Das (@anweshasrkr) 7 months ago

    Please submit the slides and a preview video, latest by 21st March, 2019; it will help us to evaluate and close the proposal.

  • Zainab Bawa (@zainabbawa) Reviewer 3 months ago

    Thanks for a wonderful rehearsal this morning, Huzaifa. Adding feedback here:

    1. What is the goal of this talk? It is to understand TLS 1.3. There is a lot of work involved to adapt, whether you are a developer, sysadmin and operations manager. The goal is to show what needs to be done to adapt. Huzaifa is showing adaptation by comparing version 1.2 and 1.3. Will be helpful to call out at the beginning of the talk what is the goal/takeaway of the talk, and how Huzaifa will do it.
    2. Nisheed’s suggestion is to show at the start of the talk what was the upheaval caused at the start of the year, including monetary impact + loss as a result of TLS 1.2. Setting this context will help emphasize the importance of TLS 1.3 and be a good build-up to all the details that will follow.
    3. Connection resumption requires technical clarification, including signing key.
    4. PFA is a big thing. How is this maintained? State the adoption caveats.
    5. Narrate the talk like a story: the mess-up, how we are getting out of this, and what next.
    6. Show comparisons across TLS 1.2 and TLS 1.3. For example handshakes. If you show the comparisons across, this will be a good selling point for the talk.
    7. Attacks need a little more explanation.
    8. Slides don’t contain a bunch of concepts that Huzaifa mentioned while speaking. This will cause participants to make mental notes which will be a mental bandwidth strain. Add simple bullet points so that participants have an anchor to stay connected with.
    9. Add graphics/visuals to your slides.
    10. Add contact information slide at the end of the talk.
    11. Also share references for more material on TLS 1.3 which participants can look up after your talk.
  • Anwesha Das (@anweshasrkr) a month ago (edited a month ago)

    TLS 1.3 security and performance improvements explained

    Security and performance improvements in TLS 1.3 and the changes made in TLS 1.3 are described in these blog posts. The blog post is divided into two parts - Part 1 and Part 2.

    Come and join us in Rootconf Pune on 21st of September to further the discussion on the topic.

  • Anwesha Das (@anweshasrkr) a month ago

    Hello,

    The deadline for submitting your revised slides was 30th August. I haven’t received an update on your revised slides. Since the conference is drawing near, 4 September is the hard stop for your revised slides. It is crucial that you submit your revised slides on time. There are a lot of steps to be carried out after the submission of the revised slides.

    I hope you understand the time crunch. Look forward to your cooperation.

    Regards,
    Anwesha
