Latest in Gear

Image credit: baona via Getty Images

New web security standard promises safer, faster browsing

A lot has changed in the four years it was in development.
810 Shares
Share
Tweet
Share
Save
baona via Getty Images

It's safe to say that web security could use a tune-up given the deluge of malware attacks and data breaches. Thankfully, it's about to get one. The Internet Engineering Task Force has approved Transport Layer Security 1.3, a new standard that makes some fundamental improvements to how and when web encryption kicks in. For the most part, int involves both shrinking the window of opportunity for intruders and preventing them from recycling code.

To begin with, the handshake between your client and the server will invoke encryption sooner, reducing the amount of unprotected data both sides send. Old encryption algorithms are no longer options, so a hacker can't force the use of a legacy format to break security. Evildoers also can't reuse decryption keys for future transactions.

Surfing should be a little faster, too. There's a zero round-trip time mode that lets clients and servers get to business if they've already established preliminary details. The addition could speed up internet services whenever there are repeated connections.

You'll only see the effect of this once sites start adopting the standard. However, the upgrade is arguably overdue. TLS 1.3 has taken over 4 years to produce, and a lot has changed since then -- web encryption has become virtually mandatory, privacy has become a much larger issue and the consequences of security flaws can be severe. This certainly won't put an end to online threats, but it could stop attacks that take advantage of basic flaws in how the internet works.

From around the web

ear iconeye icontext filevr