Latest in Gear

Image credit: baona via Getty Images

New web security standard promises safer, faster browsing

A lot has changed in the four years it was in development.
897 Shares
Share
Tweet
Share
Save

Sponsored Links

baona via Getty Images

It's safe to say that web security could use a tune-up given the deluge of malware attacks and data breaches. Thankfully, it's about to get one. The Internet Engineering Task Force has approved Transport Layer Security 1.3, a new standard that makes some fundamental improvements to how and when web encryption kicks in. For the most part, int involves both shrinking the window of opportunity for intruders and preventing them from recycling code.

To begin with, the handshake between your client and the server will invoke encryption sooner, reducing the amount of unprotected data both sides send. Old encryption algorithms are no longer options, so a hacker can't force the use of a legacy format to break security. Evildoers also can't reuse decryption keys for future transactions.

Surfing should be a little faster, too. There's a zero round-trip time mode that lets clients and servers get to business if they've already established preliminary details. The addition could speed up internet services whenever there are repeated connections.

You'll only see the effect of this once sites start adopting the standard. However, the upgrade is arguably overdue. TLS 1.3 has taken over 4 years to produce, and a lot has changed since then -- web encryption has become virtually mandatory, privacy has become a much larger issue and the consequences of security flaws can be severe. This certainly won't put an end to online threats, but it could stop attacks that take advantage of basic flaws in how the internet works.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
897 Shares
Share
Tweet
Share
Save

Popular on Engadget

Engadget's Guide to Privacy

Engadget's Guide to Privacy

View
Neo Geo retro stick console includes 'King of Fighters,' 'Samurai Shodown'

Neo Geo retro stick console includes 'King of Fighters,' 'Samurai Shodown'

View
Watch the 'Android' Nokia phone that never had a chance to exist

Watch the 'Android' Nokia phone that never had a chance to exist

View
TiVo tries running pre-roll ads before your recorded shows

TiVo tries running pre-roll ads before your recorded shows

View
YouTube CEO apologizes for channel verification mess (updated)

YouTube CEO apologizes for channel verification mess (updated)

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr