Re: [TLS] Terminology clarification around SSL & TLS
On Thursday, September 01, 2016 03:17:50 pm Julien ÉLIE wrote: > There's still something I find confusing: on the one hand, SSL is badly > broken and "diediedied", it is a proprietary protocol name, and the > consensus in the TLS WG seems to be "long live TLS" but on the other > hand major SSL/TLS implementations keep the SSL name living. Arguably, renaming SSL to TLS and restarting the version numbering was a bad decision. SSL/TLS is a 21 year old protocol. It's got more than a few bad decisions in it, at least in hindsight. I too wish that major organizations would ditch the SSL naming for TLS, however until very recently many still supported SSL in some form (which is it's own problem). It is unfortunately not easy to convince everyone to update things. Dave ___ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
Re: [TLS] Terminology clarification around SSL & TLS
Hi, The technology is SSL, and is sometimes also refered to as SSL/TLS. please no. the technology is TLS. + i would like to continue to be able to say unambiguously that all known versions of SSL are badly broken and should be avoided. Let's not muddy those waters further. + Let's not use a proprietary protocol name for a standard protocol. Conveniently, all SSL is broken now, long live TLS! There's still something I find confusing: on the one hand, SSL is badly broken and "diediedied", it is a proprietary protocol name, and the consensus in the TLS WG seems to be "long live TLS" but on the other hand major SSL/TLS implementations keep the SSL name living. When people look for TLS implementations, they will find OpenSSL, BoringSSL, LibreSSL, MatrixSSL, wolfSSL, etc. Besides, a developer will often use "-lssl" to link against TLS libraries. So, if the consensus is to prevent people who speak about or work on TLS from constantly viewing the SSL name, will forthcoming software releases change their name? Otherwise, confusion keeps being sustained... -- Julien ÉLIE « En voyant le lit vide, il le devint. » (Ponson du Terrail) ___ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
Re: [TLS] Terminology clarification around SSL & TLS
On Wednesday, August 31, 2016 12:44:02 pm Daniel Kahn Gillmor wrote: > i would like to continue to be able to say unambiguously that all known > versions of SSL are badly broken and should be avoided. Let's not muddy > those waters further. +1 ___ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
Re: [TLS] Terminology clarification around SSL & TLS
+1. Let's not use a proprietary protocol name for a standard protocol. Conveniently, all SSL is broken now, long live TLS! -Original Message- From: TLS [mailto:tls-boun...@ietf.org] On Behalf Of Salz, Rich Sent: Wednesday, August 31, 2016 10:40 AM To: Daniel Kahn Gillmor <d...@fifthhorseman.net>; Julien ÉLIE <jul...@trigofacile.com>; tls@ietf.org Subject: Re: [TLS] Terminology clarification around SSL & TLS > i would like to continue to be able to say unambiguously that all > known versions of SSL are badly broken and should be avoided. Let's > not muddy those waters further. +1 -- Senior Architect, Akamai Technologies IM: richs...@jabber.at Twitter: RichSalz ___ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls ___ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
Re: [TLS] Terminology clarification around SSL & TLS
> i would like to continue to be able to say unambiguously that all known > versions of SSL are badly broken and should be avoided. Let's not muddy > those waters further. +1 -- Senior Architect, Akamai Technologies IM: richs...@jabber.at Twitter: RichSalz ___ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
Re: [TLS] Terminology clarification around SSL & TLS
On Wed 2016-08-31 03:35:38 -0400, Julien ÉLIE wrote: > Following a recent discussion about how to name the successor of TLS > 1.2, I wish to share an idea about a possible terminology clarification. > I believe it could help to conciliate people understanding of SSL & TLS. > > We would have 3 notions: > 1/ the technology, > 2/ the protocols, > 3/ the protocol versions. > > The technology is SSL, and is sometimes also refered to as SSL/TLS. > (Note that bare TLS is not a technology.) please no. the technology is TLS. The time for us to have made the other decision was 17 years ago before TLS 1.0 was formalized. i would like to continue to be able to say unambiguously that all known versions of SSL are badly broken and should be avoided. Let's not muddy those waters further. --dkg ___ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
[TLS] Terminology clarification around SSL & TLS
Hi all, Following a recent discussion about how to name the successor of TLS 1.2, I wish to share an idea about a possible terminology clarification. I believe it could help to conciliate people understanding of SSL & TLS. We would have 3 notions: 1/ the technology, 2/ the protocols, 3/ the protocol versions. The technology is SSL, and is sometimes also refered to as SSL/TLS. (Note that bare TLS is not a technology.) The protocols are: - deprecated eponym SSL, - TLS, - DTLS. The protocol versions are: - 1.0, 2.0 and 3.0 for SSL, - 1.0, 1.1, 1.2 and 2.0 for TLS, - 1.0, 1.2 and 2.0 for DTLS. Any comments about that proposal? -- Julien ÉLIE ___ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
