momius - Fotolia
Risk & Repeat: The TLS 1.3 clock continues to click
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the long wait for TLS 1.3 and the effects -- positive and negative -- the delays have had for enterprise security.
Security professionals are still waiting for the newest version of the Transport Layer Security protocol, but the delays for TLS 1.3 may have had more beneficial effects than negative ones.
The last update for the protocol was in 2008, and the TLS 1.3 release date has been something of a mystery. The first official draft for TLS 1.3 arrived in 2014, and, since that time, the specification has undergone several changes as new issues with the protocol have been discovered.
Some of these problems, such as middlebox compatibility issues, forced companies like Google to roll back support for TLS 1.3. In addition, concerns have been raised about the protocol's use of RSA Security's BSAFE library and the potential for it to introduce backdoors.
TLS 1.3, however, would be a major improvement over the previous version, and it would introduce a number of benefits for organizations. Yet the specification hasn't been finalized, and only a handful of technology companies adopted support for the working draft.
Have the repeated delays for TLS 1.3 negatively impacted enterprise security? Or are the delays necessary to root out serious flaws? Will we see a TLS 1.3 release date in 2018? SearchSecurity editors Rob Wright and Peter Loshin discuss those questions and more in this episode of the Risk & Repeat podcast.