I was watching some talks on the developing TLS 1.3 protocol [1], just checking on what’s been happening in recent drafts, and noticed that the authentication step in the connection handshake is now encrypted. Here is another video slightly more introductory [2].
This is really cool as it can bring privacy to certificate extensions, preventing say a client’s access policy being revealed to a passive attacker. I’m not yet sure if I understand to what this extends to the server’s certificate, or for active attackers. For that I may have to follow the mailing list discussions [3] more closely or check out a current implementation.
Perhaps with TLS 1.3, this might void some of my remarks on the potential drawbacks I discussed earlier about SROS’s use of pigging backing on the transport layer encryption. Also, the reduced number of round trips would also help improve the connection time between SROS nodes.
1 RuhrSec 2016: “Transport Layer Security – TLS 1.3 and backwards security issues”, Jörg Schwenk | @4:02
2 An overview of TLS 1.3 and Q&A | 4th slide or @9:00
3 https://www.ietf.org/mail-archive/web/tls/current/msg17472.html