Are future TLS versions going to prevent traffic inspection?

TLS by itself protects the sniffing and modification of traffic between two endpoints, i.e. client and server. TLS interception just makes two TLS connections where only one was, i.e. client to interception device and interception device to server. This will still work with future TLS versions.

TLS interception is only possible if the validation of the endpoints does not detect the interception (or explicitly allows it). How the validation of the endpoint is done is not part of the TLS protocol itself and thus changes to the TLS protocol will not affect this part. Thus the current mechanisms for SSL interception by using a trusted proxy CA will still work as does SSL pinning if interception should not be allowed. Note that today's browsers will ignore pinning if the certificate is signed by an explicitly added CA, which means that pinning will be ignored when legal TLS interception is used. But this again is an issue of validating the certificate and is unrelated to the TLS version.


No.

AFAIK there is nothing inside the TLS 1.3 Draft about that. And I don't think there's a technical solution to this either. If you allow somebody to install an additional root CA on your computer, then all bets are off.