As you may already know, Bulletproof TLS and PKI is a living book. Rather than watch it slowly decay, we follow developments in the field and keep the material current. Whenever we update the book, the digital editions are updated straight away. This page outlines the changes we have made, or intend to make, since the latest print edition.
Overall, the second edition is aging remarkably well. The advice in the book remains fresh and is likely to stay that way for at least a few years, or until we get closer to building a Cryptographically-Relevant Quantum Computer (CRQC). Don't get us wrong: a global transition to post-quantum cryptography is currently in progress, but it is likely to take at least a decade, if not longer.
Planned Updates
This section outlines the main changes we're planning to make to the second edition of Bulletproof TLS and PKI, as published in January 2022.
Chapter 1: SSL, TLS, and Cryptography
- Introduce post-quantum cryptography and explain how it affects the network threat model.
Chapter 2: TLS 1.3
- Document the new hybrid key exchange, which was added to support post-quantum cryptography in TLS 1.3. The hybrid approach combines a traditional primitive with a post-quantum one as a defense against both current and future threats: an attacker would have to break both primitives to recover the session keys.
- Document Encrypted Client Hello (ECH), which is currently in the final stages of standardization. ECH improves end-user privacy by removing from the plaintext part of the handshake the name of the website being visited, which is otherwise leaked via the Server Name Indication (SNI) extension. There is little practical impact for the average TLS user, however, because ECH is a technology that popular CDNs need to deploy.
Chapter 4: PKI
- Certification Authority Authorization (CAA) has been extended, for example to support S/MIME certificates and to integrate with ACME. Mention this and update the example configuration accordingly.
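To show what the extended CAA semantics look like in practice, here is an added example (not from the book) of a small policy checker. It walks up the DNS tree to the closest name that has CAA records, honours the critical flag, applies issue/issuewild rules, and understands the ACME binding parameters accounturi and validationmethods as well as the issuemail tag for S/MIME. The zone data is constructed for the example; the account URI and domain names are placeholders, and refusing on unrecognised parameters is a conservative choice made here, not a rule taken from the book.

```python
"""Minimal CAA policy checker (added example, not from Bulletproof TLS and PKI).

Given a domain and a constructed set of CAA records, decide whether a CA
(identified by its issuer domain name) may issue a certificate of a given
kind: ordinary, wildcard, or S/MIME, optionally bound to an ACME account
and a validation method.
"""
from dataclasses import dataclass

CRITICAL = 128                       # the only defined CAA flag bit
KNOWN_TAGS = {"issue", "issuewild", "issuemail", "iodef"}


@dataclass(frozen=True)
class CAARecord:
    flags: int
    tag: str
    value: str


def parse_caa(line: str) -> CAARecord:
    """Parse the presentation format: '<flags> <tag> "<value>"'."""
    flags, tag, value = line.split(None, 2)
    return CAARecord(int(flags), tag.lower(), value.strip().strip('"'))


def parse_value(value: str):
    """Split 'ca.example; key1=val1; key2=val2' into (issuer, {key: val})."""
    parts = [p.strip() for p in value.split(";")]
    params = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            params[key.strip()] = val.strip()
    return parts[0].lower(), params


def relevant_rrset(zone: dict, name: str):
    """Return the CAA RRset of the closest ancestor-or-self that has any CAA records."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        rrset = zone.get(candidate)
        if rrset:
            return candidate, [parse_caa(r) for r in rrset]
    return None, []


def may_issue(zone, name, issuer, *, wildcard=False, smime=False,
              account_uri=None, validation_method=None):
    """Return (allowed, reason) for the requested issuance."""
    owner, rrset = relevant_rrset(zone, name)
    if not rrset:
        return True, "no CAA records on the name or any ancestor"

    # An unrecognised tag with the critical flag set means the CA must refuse.
    for rec in rrset:
        if rec.flags & CRITICAL and rec.tag not in KNOWN_TAGS:
            return False, f"critical unknown tag '{rec.tag}' at {owner}"

    if smime:
        # Only issuemail governs S/MIME; issue/issuewild do not apply to it.
        governing = [r for r in rrset if r.tag == "issuemail"]
        if not governing:
            return True, f"no issuemail records at {owner}; S/MIME not restricted"
    else:
        # Wildcards use issuewild when present and fall back to issue otherwise.
        governing = [r for r in rrset if r.tag == "issuewild"] if wildcard else []
        if not governing:
            governing = [r for r in rrset if r.tag == "issue"]
        if not governing:
            return True, f"no applicable issue records at {owner}"

    for rec in governing:
        ca, params = parse_value(rec.value)
        if ca != issuer.lower():
            continue                              # value ";" matches nobody
        # ACME binding: the record only authorises one account URI ...
        if "accounturi" in params and params["accounturi"] != account_uri:
            continue
        # ... and/or a listed set of validation methods.
        if "validationmethods" in params:
            allowed = {m.strip() for m in params["validationmethods"].split(",")}
            if validation_method not in allowed:
                continue
        # Conservative policy for this example: a parameter we do not understand
        # makes the record unusable rather than silently ignored.
        if set(params) - {"accounturi", "validationmethods"}:
            continue
        return True, f"matched '{rec.tag} {rec.value}' at {owner}"
    return False, f"no matching {governing[0].tag} record for {issuer} at {owner}"


# Constructed sample zone; the account URI is a placeholder, not a real account.
ACCOUNT = "https://acme-v02.api.letsencrypt.org/acme/acct/PLACEHOLDER"
SAMPLE_ZONE = {
    "example.com": [
        f'0 issue "letsencrypt.org; accounturi={ACCOUNT}; validationmethods=dns-01"',
        '0 issuewild ";"',
        '0 issuemail "smime-ca.example"',
        '0 iodef "mailto:security@example.com"',
    ],
    "legacy.example.com": ['128 futuretag "opaque"'],
}

if __name__ == "__main__":
    for args in [("www.example.com", "letsencrypt.org"),
                 ("legacy.example.com", "letsencrypt.org"),
                 ("example.com", "smime-ca.example")]:
        print(args, may_issue(SAMPLE_ZONE, *args, smime=args[1].startswith("smime"),
                              account_uri=ACCOUNT, validation_method="dns-01"))
```

The checker is deliberately read-only: it reasons about records you hand it, so you can use it to review a zone before publishing it and confirm that the ACME account binding, the wildcard denial, and the S/MIME issuer are what you intended.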
Chapter 11: Configuration Guide
- Recommend considering ML-KEM as the preferred key exchange mechanism. Quantum computers don't currently represent a danger to the majority of organizations. The only feasible threat is the so-called store now, decrypt later attack, in which encrypted traffic is captured today, kept for an extended period of time, and decrypted once a CRQC becomes available. If you're currently using TLS to protect information that will remain sensitive in the decades to come, you should act now.
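As an added illustration of the hybrid key exchange from the Chapter 2 note and the ML-KEM recommendation above (example configuration, not taken from the book), this nginx fragment lists the X25519MLKEM768 hybrid group first and keeps classical groups as fallbacks. It assumes nginx is linked against OpenSSL 3.5 or later, which is the version that introduced ML-KEM and that group name; on older builds the directive fails at startup.

```nginx
# Added example: prefer the hybrid X25519 + ML-KEM-768 group, fall back to
# classical ECDH groups for clients that do not offer it.
# Assumes OpenSSL 3.5+ underneath nginx (X25519MLKEM768 is an OpenSSL group name).
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ecdh_curve X25519MLKEM768:X25519:prime256v1;
```

Clients that do not support the hybrid group simply negotiate X25519 or P-256 as before, so enabling it is backwards compatible. To confirm what was negotiated against a test server, an OpenSSL 3.5 client can be pointed at it with `openssl s_client -groups X25519MLKEM768 -connect host:443` and the "Negotiated TLS1.3 group" line in its output inspected; the larger ML-KEM key shares also make the ClientHello noticeably bigger, which is worth checking against any middleboxes that assume small handshake messages.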