Protecting your data on the web is about to get faster
Oh, and technology called TLS 1.3 makes the web more secure, too.
Stephen Shanklandprincipal writer
Stephen Shankland has been a reporter at CNET since 1998 and writes about processors, digital photography, AI, quantum computing, computer science, materials science, supercomputers, drones, browsers, 3D printing, USB, and new computing technology in general. He has a soft spot in his heart for standards groups and I/O interfaces. His first big scoop was about radioactive cat poop.
Expertiseprocessors, semiconductors, web browsers, quantum computing, supercomputers, AI, 3D printing, drones, computer science, physics, programming, materials science, USB, UWB, Android, digital photography, scienceCredentials
I've been covering the technology industry for 24 years and was a science writer for five years before that. I've got deep expertise in microprocessors, digital photography, computer hardware and software, internet standards, web technology, and other dee
The encryption that protects your browser's connection to websites is getting a notch faster and a notch safer to use.
That's because the Internet Engineering Task Force (IETF) on Friday finished a years-long process of modernizing the technology used to secure website communications. You may never have heard of Transport Layer Security -- TLS for short -- but version 1.3 is now complete and headed to websites, browsers and other parts of the internet that rely on its security.
"Publishing TLS 1.3 is a huge accomplishment. It is one the best recent examples of how it is possible to take 20 years of deployed legacy code and change it on the fly, resulting in a better internet for everyone," said Nick Sullivan, head of cryptography for Cloudflare, which helps customers distribute their websites and other content around the world, in a blog post.
And now TLS is more important than ever. Google, Mozilla, Cloudflare and others are pushing hard to encrypt every webpage, not just obviously sensitive ones like login pages. Doing so thwarts surveillance, hackers and companies that want to inject their own advertisements.
TLS 1.3 speeds up encryption
TLS 1.3 brings some significant improvements over TLS 1.2, which was finished 10 years ago. Perhaps first on the list is that it'll mean websites load faster.
Setting up an encrypted connection on the web historically has caused delays since your browser and the website server must send information back and forth in a process called a handshake. The slower your broadband or the more congested your mobile network is, the more you'll notice these delays.
TLS 1.3 cuts the number of round-trip exchanges in the handshake from two to one, and a more advanced version can cut it all the way to zero.
The academic and theoretical foundations of TLS now have been updated with today's more practical security knowledge, added Cloudflare's Sullivan. "TLS was 90s crypto: It meant well and seemed cool at the time, but the modern cryptographer's design palette has moved on," he said.
TLS 1.3 is actually here already -- at least in draft form. Both Google Chrome and Mozilla Firefox incorporated a draft version of the standard and are working now on shipping TLS 1.3 in its final form. And even in draft form, TLS is a big deal at Facebook.
"Today, more than 50 percent of our internet traffic is secured with TLS 1.3," the social network giant said earlier in August in a blog post as it released a version of TLS technology other websites are free to use as well. "That will continue to grow as browsers and apps add support for TLS 1.3."
Follow the Money: This is how digital cash is changing the way we save, shop and work.
CNET Magazine: Check out a sample of the stories in CNET's newsstand edition.