TLSv1.3 – Ready or Not?  (TRON)


The Transport Layer Security (TLS) protocol (RFC5246) formerly known as the Secure Sockets Layer (SSL) has evolved to become one of, or perhaps the, most important security protocol used on the Internet, providing the security layer that underpins the web but also many other Internet protocols. Over the two decades since its inception, many TLS implementation vulnerabilities and some protocol design flaws have been discovered, sometimes requiring vary large scale and urgent remediation which is costly, damages confidence and exposes hosts on the Internet to sometimes significant risk.  At the same time, there are ongoing trends towards much greater use of encryption, and in particular for use of TLS, as the importance of security and privacy for Internet users becomes more apparent and as the Internet is more and more attacked from diverse sources. As a result, ensuring that new versions of TLS are thoroughly analysed is more important than used be the case. 
TLS is developed by the Internet Engineering Task Force ( TLS working group ( who are currently developing a major revision of TLS, TLSv1.3, which aims to improve both the security properties of TLS and the efficiency with which the TLS protocol can be used in important use-cases. The expected timeframe for this workanticipates that the TLSv1.3 protocol should be finalised around November 2015, ideally with only editorial changes being needed subsequently. The latest version of the TLSv1.3 draft can be accessed at:
Normally this timeline would result in the final specificaton (a new RFC) being issued very early in 2016. Given the importance of TLS, the likelihood that TLSv1.3 will be widely deployed very soon after it is complete, and the history of issues with earlier TLS versions and implementations, it is important that the security research communityhas the opportunity to analyse the new protocol before final publication and wide deployment. The TLS 1.3 publication process is therefore being paused to enable this analysis to take place and for its results to be absorbed. This creates a narrow window of opportunity in which security researchers can have a real, immediate, and lasting impact on the security of the deployed Internet.
Given this context, the goal of this workshop is to create a mechanism through which security analyses of TLS 1.3 can be brought to the attention of the IETF and developer communities, in order to build confidence in and improve TLS 1.3 before its wide-spread deployment. To that end we are seeking submissions on all aspects of the security of the TLSv1.3 protocol and/or implementations thereof. The goal is to present and discuss those submissions at the workshop in the presence of the designers and early implementers of TLSv1.3 and other attendees, so that the soundess of TLS 1.3 can be ascertained and any weaknesses that are identified can be mitigated or documented in a timely fashion. Note that proposals for cosmetic changes to the protocol or specification are extremely unlikely to be accepted at this stage in the process – this workshop is only aiming to find and mitigate flaws in the TLSv1.3 protocol or issues that are highly likely to affect TLSv1.3 implementations.

Call for Submissions

We welcome submissions in the form of research papers concerning all aspects of the security of TLS 1.3 and its implementations.  Our scope is deliberately broad. It includes, by way of illustration, formal analyses of, security proofs for, and attacks onTLS 1.3 protocol abstractions, analysis of components of the overall protocol suite, and positive and negative results concerning the security of specific implementations.  Submissions will be evaluated on their relevance to the workshop objective of building confidence in and improving TLS 1.3.
Papers already published, scheduled for publication, or intended for submission elsewhere are welcome as submissions.  The workshop will not have a formal proceedings, but we expect speakers to allow us to make their presentations available for free on the workshop website during and after the workshop.  Our intention is that this should not prejudice authors’ ability to publish their work in other, more formal venues before or after the workshop.  Authors of accepted submissions are also strongly encouraged to make their papers available to the community as preprints through the usual channels. 
Submissions should be non-anonymous, and consist of a main body and well-marked appendices. For papers that have already been published or accepted for publication already, submission should include a cover letter (at most 2 pages) commenting on what the workshop presentation would contain, appended with the accepted/published paper. For papers not already formally published, the main body should be at most 12 pages in length, in single-column format, with reasonable margins and fonts. If a work is currently in submission to a different venue, please note this in your submission. Such works will not be considered “double submissions”, and are welcome at this workshop. Appendices are unlimited in length; however, Workshop Technical Programme Committe members may base their decisions solely on the contents of the main bodies of submissions.

Location and Important Dates

Workshop Location: San Diego, CA, USA 
Workshop date: 2016-02-21 (co-located with NDSS 2016)
Abstracts/Expressions of interest due: 2015-12-01
Final submissions: 20151215 anywhere-on-earth
Notification/invitations to present at or attendworkshop: 2016-01-15
Other relevant dates:
– IETF-94: 2015-11-01 to 2015-11-06
– IETF-95: 2016-04-03 to 2016-04-08

Technical Programme Committee

– Karthikeyan Bhargavan, INRIA
– Stephen Farrell, Trinity College Dublin
– Marc Fischlin, TU Darmstadt
– Daniel Kahn Gillmor, ACLU
– Matthew Green, Johns Hopkins University (TPC co-chair)
– Russ Housley, Vigil Security
– Tibor Jager, Ruhr-Universität Bochum
– Karen O’Donoghue, ISOC
– Kenny Paterson, Royal Holloway, University of London (TPC co-chair)
– Douglas Stebila, QUT