Rootconf Pune edition

On security, network engineering and distributed systems

Huzaifa Sidhpurwala

@huzaifas

Let's talk about TLS 1.3

Submitted Mar 10, 2019

SSL/TLS is probably the most widely used security protocol on the internet. Since Heartbleed was discovered a few years back, this protocol has been constantly audited and evaluated by security researchers around the world. TLS 1.3 is the latest version of the protocol, designed from the ground up to be more secure than its previous versions. This talk discusses the new features and security improvements in TLS 1.3.

Outline

We will talk about what SSL/TLS is and why it is important for the internet, then take a brief look at a few of the security flaws found in the protocol over the years, and finally look at the security and performance improvements in TLS 1.3. Lastly, we will cover why this should matter to you as a systems engineer, system administrator, developer or even as a normal user.

Requirements

Basic understanding of how network protocols work and of cryptography.

Speaker bio

I work as a Principal Product Security Engineer with Red Hat. I have been involved with high impact security flaws, especially related to SSL/TLS, over the last 10 years. I am a part of various upstream security teams and a contributor to the Fedora security team.

Slides

https://www.slideshare.net/HuzaifaSidhpurwala/rootconf2019

Comments

  • Zainab Bawa

    @zainabbawa Editor & Promoter

    Thanks for a wonderful rehearsal this morning, Huzaifa. Adding feedback here:

    1. What is the goal of this talk? It is to understand TLS 1.3. There is a lot of work involved to adapt, whether you are a developer, sysadmin or operations manager. The goal is to show what needs to be done to adapt. Huzaifa is showing adaptation by comparing versions 1.2 and 1.3. It will be helpful to call out at the beginning of the talk what the goal/takeaway of the talk is, and how Huzaifa will do it.
    2. Nisheed's suggestion is to show at the start of the talk the upheaval caused at the start of the year, including the monetary impact and loss as a result of TLS 1.2. Setting this context will help emphasize the importance of TLS 1.3 and be a good build-up to all the details that will follow.
    3. Connection resumption requires technical clarification, including signing key.
    4. PFA is a big thing. How is this maintained? State the adoption caveats.
    5. Narrate the talk like a story: the mess-up, how we are getting out of this, and what next.
    6. Show comparisons across TLS 1.2 and TLS 1.3, for example handshakes. If you show the comparisons, this will be a good selling point for the talk.
    7. Attacks need a little more explanation.
    8. Slides don't contain a bunch of concepts that Huzaifa mentioned while speaking. This will cause participants to make mental notes, which will be a strain on mental bandwidth. Add simple bullet points so that participants have an anchor to stay connected with.
    9. Add graphics/visuals to your slides.
    10. Add a contact information slide at the end of the talk.
    11. Also share references to more material on TLS 1.3 which participants can look up after your talk.
    Posted 5 years ago