The main problem right now is that most protocols that support TLS don't get deployed with TLS or are deployed with weak ciphers enabled, Johansson said. The new working group's goal is to provide clear and simple operational guidelines that can inform actual real-world deployment of TLS in actual real-world protocols, he said.
According to its charter, the group has the following tasks:
-- Update the definitions for using TLS over a set of representative application protocols. This includes communication with proxies, between servers, and between peers, where appropriate, in addition to client/server communication.
-- Specify a set of best practices for TLS clients and servers, including but not limited to recommended versions of TLS, using forward secrecy, and one or more ciphersuites and extensions that are mandatory to implement.
-- Consider, and possibly define, a standard way for an application client and server to use unauthenticated encryption through TLS when server and/or client authentication cannot be achieved.
-- Create a document that helps application protocol developers use TLS in future application definitions.
"The WG will make the fewest changes needed to achieve good interoperable security for the applications using TLS," the group's charter says. "No changes to TLS itself will be made in this WG, and the WG will ensure that changes to current versions of popular TLS libraries will not be required to conform to the WG's specifications."
The main problem with deploying SSL/TLS is that there are many things to get wrong, from using configurations with insecure ciphers and insufficiently strong private keys to using older versions of TLS libraries that don't have all security patches.
"SSL/TLS is a deceptively simple technology," SSL experts from security firm Qualys said in a document describing SSL/TLS deployment best practices. "SSL is easy to deploy, but it turns out that it is not easy to deploy correctly. To ensure that SSL provides the necessary security, users must put extra effort into properly conguring their servers."
In recent years, researchers demonstrated attacks against TLS configurations that use the RC4 stream cipher or block ciphers operating in cipher-block-chaining (CBC) mode, leaving ciphers that operate in Galois/Counter Mode (GCM) as the secure alternatives. However, GCM ciphers are only available in TLS 1.2 which is not widely deployed at the moment.
According to statistics from the SSL Pulse project, only around 22 percent of the world's 161,000 most popular HTTPS (HTTP Secure) websites had support for TLS 1.2 as of Dec. 2. On the client-side, only recent versions of the most popular browsers support this version of the protocol.
"I believe there will be a lot of effort among large-scale deployers of HTTPS to move to TLS 1.2," Johansson said.
Sign up for CIO Asia eNewsletters.