org] *On Behalf Of *Tony Arcieri
> *Sent:* Saturday, December 3, 2016 9:04 AM
> *To:* Sean Turner <s...@sn3rd.com>
> *Cc:* <tls@ietf.org> <tls@ietf.org>
> *Subject:* Re: [TLS] Confirming consensus: TLS1.3->TLS*
>
>
>
> On Thu, Nov 17, 2016 at 6:12 PM, Sean
>
> The wire format is one thing, but there is work that has been done at a
> much higher level referencing "TLS 1.3", e.g. TRON work:
>
> http://prosecco.gforge.inria.fr/personal/karthik/pubs/
> proscript-tls-tron-2016.pdf
>
Thanks for the reference but this draft paper does not count as a
On Fri, Dec 2, 2016 at 7:57 PM, Scott Schmit wrote:
> This draft has been in development since April 2014, 2.6 years ago.
> Over that time, the wire protocol has changed multiple times and
> incompatibly. So not even all of that 2.6 years of details is still
> applicable to
> On Dec 2, 2016, at 10:34 PM, Tony Arcieri wrote:
>
> The consensus in the room was to leave it as is, i.e., TLS1.3, and to not
> rebrand it to TLS 2.0, TLS 2, or TLS 4. We need to confirm this decision on
> the list so please let the list know your top choice between:
>
On Thu, Nov 17, 2016 at 6:12 PM, Sean Turner wrote:
> The consensus in the room was to leave it as is, i.e., TLS1.3, and to not
> rebrand it to TLS 2.0, TLS 2, or TLS 4. We need to confirm this decision
> on the list so please let the list know your top choice between:
>
> -
On Fri, Dec 2, 2016 at 1:21 PM, Peter Gutmann
wrote:
> The change was proposed long ago, and deferred by the chairs until now.
> This
> is just another variant of the inertia argument.
You keep dismissing this argument out of hand, but I think it has merit.
I think
Viktor Dukhovni writes:
>I was with you up to this point, but I do think that going back to SSL is not
>a good idea, and takes us off topic.
It was just something to throw out there, and to point out that no matter what
the WG calls it, the rest of the world will keep
Maarten Bodewes writes:
>The point is we are now indeed on draft 18. Changing the name now is very
>problematic because everybody on the mailinglist already calls it TLS 1.3,
>for a long time and no matter what you do, a lot of us (who are hopefully the
>experts) will
On Dec 2, 2016, at 4:10 PM, Peter Gutmann wrote:
> Ugh, how very geeky,
Really?
___
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
Hubert Kario writes:
>speaking of confusion, do you know that e-mail clients by "SSL" mean
>"SSL/TLS" and by "TLS" mean "STARTTLS"? (note the port numbers)
>https://sils.unc.edu/it-services/email-faq/outlook
>https://mail.aegee.org/smtp/kmail.html
I favor naming the result tls 1.3 - the X in 1.X has effectively become the
modern versioning field and we should stick with that road now as the best
of a bunch of weak options.
-Patrick
___
TLS mailing list
TLS@ietf.org
Aaron Zauner wrote:
(of course I'd opt for SSLv5 just to mess with people).
I'm surprised nobody has yet suggested retroactive renaming:
SSLv4 == TLS 1.0
SSLv5 == TLS 1.1
SSLv6 == TLS 1.2
SSLv7 == TLS 1.3
Mike
___
TLS
* Sean Turner [18/11/2016 03:13:23] wrote:
> At IETF 97, the chairs lead a discussion to resolve whether the WG should
> rebrand TLS1.3 to something else. Slides can be found @
> https://www.ietf.org/proceedings/97/slides/slides-97-tls-rebranding-aka-pr612-01.pdf.
>
> The
> after considering all of the good points that have been circulating, I would
> like to change my vote
Woah, are you new here? :)
___
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
> Can’t we borrow one from tictoc?
Ever since they merged with NTP, it seems to be lost in a time loop and nobody
can find it.
___
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
Benjamin
<david...@chromium.org<mailto:david...@chromium.org>>, Tony Arcieri
<basc...@gmail.com<mailto:basc...@gmail.com>>,
"<tls@ietf.org<mailto:tls@ietf.org>>" <tls@ietf.org<mailto:tls@ietf.org>>
Date:12/02/201
> On Dec 2, 2016, at 3:33 AM, Peter Gutmann wrote:
>
> If no-one from Microsoft has any objections, can we just rename it back to
> what it's always been for everyone but us, SSL?
I was with you up to this point, but I do think that going back to SSL is
not a good
.auckland.ac.nz>, Stephen Farrell <stephen.farr...@cs.tcd.ie>,
David Benjamin <david...@chromium.org>, Tony Arcieri <basc...@gmail.com>,
"<tls@ietf.org>" <tls@ietf.org>
Date: 12/02/2016 12:34 PM
Subject:Re: [TLS] Confirming consensus: TLS1.3->
mann <pgut...@cs.auckland.ac.nz>; Stephen Farrell
<stephen.farr...@cs.tcd.ie>; David Benjamin <david...@chromium.org>; Tony
Arcieri <basc...@gmail.com>; <tls@ietf.org> <tls@ietf.org>
Subject: Re: [TLS] Confirming consensus: TLS1.3->TLS*
On Fri 2016-12-02 03:3
> On 2 Dec 2016, at 19:58, David Benjamin wrote:
>
> (To clarify, I was not at all suggesting we go back to SSL. If we had a time
> machine, I might make other suggestions, but as far as I know we do not.)
Can’t we borrow one from tictoc?
gt; david...@chromium.org>; Tony Arcieri <basc...@gmail.com>; <tls@ietf.org> <
> tls@ietf.org>
> Subject: Re: [TLS] Confirming consensus: TLS1.3->TLS*
>
> Stephen Farrell <stephen.farr...@cs.tcd.ie> writes:
>
> >IIRC that was sort-of a condition for adopt
m.org>; Tony Arcieri <basc...@gmail.com>; <tls@ietf.org>
<tls@ietf.org>
Subject: Re: [TLS] Confirming consensus: TLS1.3->TLS*
Stephen Farrell <stephen.farr...@cs.tcd.ie> writes:
>IIRC that was sort-of a condition for adoption of the work in the IETF
>20
On Friday, 2 December 2016 16:12:05 CET Salz, Rich wrote:
> > Here's a useful and effective meme for convincing bosses that it's ok to
> > turn off SSLv3: all known versions of SSL are broken and should never be
> > used. Please do not break this meme by trying to rename TLS to SSL.
>
> Is "all
On 02/12/16 14:53, Thomas Pornin wrote:
Commercial CA tend to sell "SSL certificates", not "TLS certificates"
or "SSL/TLS certificates".
It's worse than that. Many customers, and even some salespeople, seem
to think that we sell "SSLs".
--
Rob Stradling
Senior Research & Development
> Here's a useful and effective meme for convincing bosses that it's ok to turn
> off SSLv3: all known versions of SSL are broken and should never be used.
> Please do not break this meme by trying to rename TLS to SSL.
Is "all known versions before SSL 4" that much worse?
Hi all,
The point is we are now indeed on draft 18. Changing the name now is very
problematic because everybody on the mailinglist already calls it TLS 1.3,
for a long time and no matter what you do, a lot of us (who are hopefully
the experts) will keep referring to it under that name.
If you
The bottom line is that this is an unanswerable question. My advice
is to not change the name, because I think more name changes = more
confusion and it is _way_ too late to put TLS back in the box. But
what do I know--I'm just an end user! :)
On Fri, Dec 2, 2016 at 9:42 AM, Hubert Kario
On Fri, Dec 02, 2016 at 02:17:24PM +, Ackermann, Michael wrote:
> In Enterprise circles TLS is an unknown acronym and as painful as it
> is, we must usually refer to it as SSL, before anyone knows what we
> are talking about. Software products are guilty too. Parameter
> fields frequently
On Friday, 2 December 2016 14:12:38 CET Salz, Rich wrote:
> > SSL 2 < SSL 3 < "SSL" 1.0 < "SSL" 1.1 < "SSL" 1.2 < "SSL" 4 is not logical
> > ordering
>
> So? Who cares? A couple-hundred people in the IETF. And the issue is that
> SSL 3 < "SSL" 1.0 which is the issue no matter what we call what
-
From: TLS [mailto:tls-boun...@ietf.org] On Behalf Of Ted Lemon
Sent: Friday, December 2, 2016 8:59 AM
To: Salz, Rich <rs...@akamai.com>
Cc: tls@ietf.org
Subject: Re: [TLS] Confirming consensus: TLS1.3->TLS*
Rich, I don't think there is any explanation that can be given for the
assertio
> SSL 2 < SSL 3 < "SSL" 1.0 < "SSL" 1.1 < "SSL" 1.2 < "SSL" 4 is not logical
> ordering
So? Who cares? A couple-hundred people in the IETF. And the issue is that
SSL 3 < "SSL" 1.0 which is the issue no matter what we call what we're doing
here. And the quotes around the last SSL do not
On Friday, 2 December 2016 14:04:36 CET Salz, Rich wrote:
> Nobody knows the difference tween 1.0 1.1 1.2
>
> SSL 4 or SSL 4.0 is a bigger number than 1.x and uses the same term that
> everyone, including our industry, uses. If someone sees "TLS 1.2" and
> thinks "wow, that's so much worse than
"Salz, Rich" writes:
People already know that SSL3 is worse than "SSL" 1.0 though 1.2 , it's logical
that SSL 1.3 continues that trend. creating "SSL" 4 will bring more confusion.
Please explain that assertion.
I was going to ask that too, the quoted text seems..., well,
On Friday, 2 December 2016 13:47:20 CET Salz, Rich wrote:
> > People already know that SSL3 is worse than "SSL" 1.0 though 1.2 , it's
> > logical that SSL 1.3 continues that trend. creating "SSL" 4 will bring
> > more confusion.
>
> Please explain that assertion.
SSL 2 < SSL 3 < "SSL" 1.0 <
Nobody knows the difference tween 1.0 1.1 1.2
SSL 4 or SSL 4.0 is a bigger number than 1.x and uses the same term that
everyone, including our industry, uses. If someone sees "TLS 1.2" and thinks
"wow, that's so much worse than SSL 4 because the number is so much smaller,"
then isn't that a
Rich, I don't think there is any explanation that can be given for the
assertion without collecting a lot of data. That said, the objection
makes sense to me. I certainly think of SSL as poison. Of course,
the average Joe on the street doesn't even know what TLS stands for,
but the people
On Friday, 2 December 2016 03:12:41 CET Peter Gutmann wrote:
> Tony Arcieri writes:
> >There's already ample material out there (papers, presentations, mailing
> >list discussions, etc) which talks about "TLS 1.3".
>
> In other words, the TLS WG and a small number of people
Yoav Nir writes:
>The way I’ve heard it “SSL” is a registered trademark owned by Netscape (now
>AOL), so we can’t use it unless AOL lawyers sign off on that. It might be
>wrong, but if it’s true - good luck with that.
> On 2 Dec 2016, at 10:33, Peter Gutmann wrote:
>
> Stephen Farrell writes:
>
>> IIRC that was sort-of a condition for adoption of the work in the IETF 20
>> years ago, when there were two different protocols already being deployed and
>>
Stephen Farrell writes:
>IIRC that was sort-of a condition for adoption of the work in the IETF 20
>years ago, when there were two different protocols already being deployed and
>the proponents of one of them said "we'll use that other one (SSL) but you
>gotta change
On 12/2/16 at 8:48 PM, rs...@akamai.com (Salz, Rich) wrote:
And also, the world will not care about a gap in numbering. Nobody cared that
there was no Windows 9.
If we go with 2017, we can tell the world that by using the year
the standard was approved, instead of a confusing set of names
> If we call the next one 4, we have to explain a gap in the versioning (1.0,
> 1.1, 1.2, 4?) and placing 2.0 and 3.0 after 1.2 becomes even more inviting.
No we don't have to explain it. Most of the world isn't OCD types like those
of us in this field.
> Once SSL 3.0 falls away, we'll be
> In other words, the TLS WG and a small number of people who interact with
> it call it TLS 1.3. That's hardly a strong argument when most of the rest of
> the
> world doesn't even call it TLS.
Strongly agreed
> pretty much the only reasons I've seen for TLS 1.3 are
> inertia, "we've always
Tony Arcieri writes:
>There's already ample material out there (papers, presentations, mailing list
>discussions, etc) which talks about "TLS 1.3".
In other words, the TLS WG and a small number of people who interact with it
call it TLS 1.3. That's hardly a strong argument
On Thu, Dec 1, 2016 at 6:16 PM, Tony Arcieri wrote:
> On Wed, Nov 30, 2016 at 8:43 PM, Viktor Dukhovni
> wrote:
>>
>> > I actually completely agree with Timothy Jackson's recent posting:
>> >
>> > After 15 years, everyone but us still calls it SSL. We
On Wed, Nov 30, 2016 at 8:43 PM, Viktor Dukhovni
wrote:
> > I actually completely agree with Timothy Jackson's recent posting:
> >
> > After 15 years, everyone but us still calls it SSL. We need to
> > admit that we lost the marketing battle and plan for a world where
Nick Sullivan writes:
>I took a very unofficial Twitter poll on this subject:
>https://twitter.com/grittygrease/status/80364408215424
Given the lack of context for the question (an out-of-the-blue query
to a random bunch of people on Twitter), I think the
I took a very unofficial Twitter poll on this subject:
https://twitter.com/grittygrease/status/80364408215424
Nick
On Tue, Nov 29, 2016 at 5:47 AM Raja ashok wrote:
> I feel we can go ahead with TLS 1.3.
>
> Or else TLS 3.4, because anyway we send 0x0304 on wire for
of future crypto protocols (that TLS WG might work on) can be more
specific and realistic.)
-Original Message-
From: TLS [mailto:tls-boun...@ietf.org] On Behalf Of Dave Garrett
Sent: Tuesday, November 22, 2016 5:07 PM
To: tls@ietf.org
Subject: Re: [TLS] Confirm
realistic.)
-Original Message-
From: TLS [mailto:tls-boun...@ietf.org] On Behalf Of Dave Garrett
Sent: Tuesday, November 22, 2016 5:07 PM
To: tls@ietf.org
Subject: Re: [TLS] Confirming consensus: TLS1.3->TLS*
(replies to a bunch of ideas in this thread)
As the person who lit the match unde
Using the YEAR as Version was created to make sure that users having old
versions
of products that are constantly upgraded would feel the pressure to upgrade.
This idea doesn't seem equally suitable for security protocols.
TLS 4 would IMO be a logical choice since it is numerically higher than
(replies to a bunch of ideas in this thread)
As the person who lit the match under this latest bikeshed debate, personally,
I don't see a strong consensus building here. Leaving the bikeshed unpainted
seems like the option we're headed for, at this rate. I'm fine with TLS 1.3 if
that's the
I have a small preference for TLS 1.3.
On Tue, Nov 22, 2016 at 10:04 AM, Scott Schmit wrote:
> On Fri, Nov 18, 2016 at 11:12:48AM +0900, Sean Turner wrote:
> > At IETF 97, the chairs lead a discussion to resolve whether the WG
> should rebrand TLS1.3 to something else.
If it wasn't because we don't need more noise in this discussion I would
have suggested SSL 5.0 which seems to be the logical conclusion from the
reasoning people are using. Clearly, everyone thinks that the battle of
replacing "SSL" with "TLS" in the popular and technical references to the
➢ You should be reluctant to draw too many conclusions from a field which you
can only access by clicking through a big scary warning that you are voiding
your warranty:
Warranty?
And sure, users never click through security warnings ☺
At any rate, this was intended to be a little
On Mon, 2016-11-21 at 19:34 +, Salz, Rich wrote:
> Do "about:config" in firefox and look for TLS:
> security.tls.version.max default integer 3
>
> And then perhaps look at http://kb.mozillazine.org/Security.tls.version.*
> (yes the star is part of the URL)
>
> EVEN MOZILLA
On Mon, Nov 21, 2016 at 2:51 PM, Yoav Nir wrote:
>
> > On 21 Nov 2016, at 20:43, Salz, Rich wrote:
> >
> >
> >> With this in mind, I'm voting in favor of any re-branding of TLS 1.3
> where the
> >> protocol name remains "TLS" and major version becomes > 1.
+1 to TLS 1.3. My strong preference is TLS 1.3.
Reasons have been advanced ad-nauseam.
Just a couple of additional thoughts:
1.3 is in the protocol. So there.
"Perl 6". Just because you advance a version number to a big one,
doesn't mean that businesses will see the justification to upgrade.
On Mon, Nov 21, 2016 at 11:34 AM, Salz, Rich wrote:
> Do "about:config" in firefox and look for TLS:
> security.tls.version.max default integer 3
>
> And then perhaps look at http://kb.mozillazine.org/Security.tls.version.*
> (yes the star is part of the URL)
>
>
Throwing my hat into the ring, the basic record protocol has not changed.
If anything, what is currently referred to as TLSv1.3 is really just a major
update to the handshake messages.
If the record protocol were to change to use a sane 4-byte header (which I
proposed many months ago), then I
> On 21 Nov 2016, at 20:43, Salz, Rich wrote:
>
>
>> With this in mind, I'm voting in favor of any re-branding of TLS 1.3 where
>> the
>> protocol name remains "TLS" and major version becomes > 1.
>
> Me too.
Agree
___
TLS
Do "about:config" in firefox and look for TLS:
security.tls.version.max default integer 3
And then perhaps look at http://kb.mozillazine.org/Security.tls.version.* (yes
the star is part of the URL)
EVEN MOZILLA can't get it "right."
In the room last week, I hummed for "TLS 4".
that said, I overall agree with Andrei's sentiment..
> I'm voting in favor of any re-branding of TLS 1.3 where the
> protocol name remains "TLS" and major version becomes > 1.
HTH,
=JeffH
___
TLS mailing
Hello,
On Mon, Nov 21, 2016 at 9:43 PM, Salz, Rich wrote:
>
> > With this in mind, I'm voting in favor of any re-branding of TLS 1.3
> where the
> > protocol name remains "TLS" and major version becomes > 1.
>
> Me too.
>
> +1
--
SY, Dmitry Belyavsky
> With this in mind, I'm voting in favor of any re-branding of TLS 1.3 where the
> protocol name remains "TLS" and major version becomes > 1.
Me too.
___
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
ains "TLS" and major version becomes > 1.
Cheers,
Andrei
-Original Message-
From: TLS [mailto:tls-boun...@ietf.org] On Behalf Of Peter Gutmann
Sent: Friday, November 18, 2016 6:41 PM
To: Ilari Liusvaara <ilariliusva...@welho.com>
Cc: <tls@ietf.org> <tls@ietf.org&
> On Nov 20, 2016, at 7:56 PM, D. J. Bernstein wrote:
>
> Of course people who prioritize retaining the existing "TLS 1.3"
> mindshare will be just as unhappy with "TLS 2017" as with "TLS 4", but
> they'll get over it within a few years. :-)
This worked well enough for IDNA2003
I give the chairs my full support for whatever colour they wish to paint this
bikeshed.
> On 18 Nov. 2016, at 1:12 pm, Sean Turner wrote:
>
> At IETF 97, the chairs lead a discussion to resolve whether the WG should
> rebrand TLS1.3 to something else. Slides can be found @
gt;
Subject: Re: [TLS] Confirming consensus: TLS1.3->TLS*
The messages on the list seem to be perfectly split between "TLS 1.3"
and "TLS 4". I suspect that the "TLS 2017" idea will break this impasse:
* it shares the fundamental advantage that led to the "
On 11/21/16 at 4:56 PM, d...@cr.yp.to (D. J. Bernstein) wrote:
The messages on the list seem to be perfectly split between "TLS 1.3"
and "TLS 4". I suspect that the "TLS 2017" idea will break this impasse:
* it shares the fundamental advantage that led to the "TLS 4" idea;
* it has the
On Sun, Nov 20, 2016 at 2:17 PM, Filippo Valsorda wrote:
> I'm definitely for 1.3.
>
> I get where 4 is coming from, but 1.2 is not going anywhere soon, and we
> spent the last 10 years training people that the high-numbered one is
> bad, and that the 1.x ones are cool.
>
> I
The messages on the list seem to be perfectly split between "TLS 1.3"
and "TLS 4". I suspect that the "TLS 2017" idea will break this impasse:
* it shares the fundamental advantage that led to the "TLS 4" idea;
* it has the additional advantage of making the age obvious;
* it eliminates
Rebrand 4. There is no reason not to.
___
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
Maintaining my hum from the meeting, I prefer keeping TLS 1.3 over
renaming, primarily because there's now a good amount of
documentation/implementation in the wild that refers to TLS 1.3, and we'll
need to keep around the new equivalence of TLS 2 (or 4)=TLS 1.3.
On Sat, Nov 19, 2016, 8:31 AM
"Then why is the library still
> called OpenSSL?"
All those arguments show basic confusion of what TLS is. Version numbers won't
help solve that.
Only going back to using the SSL name might.
___
TLS mailing list
TLS@ietf.org
Hi,
I think that the presumption that most tech people (or even security people)
won't have any trouble with the future version numbering of TLS is wrong.
Yesterday morning, on an SAE Vehicle Electrical Systems Security call with
some 40 auto security professionals present, I mentioned that TLS
Ilari Liusvaara writes:
>Nope, I was referring to the very technical property that if client sends a
>TLS 1.3 handshake, a TLS 1.2 server can still successfully interop, provoded
>that the client does TLS 1.2 too
That's like saying that PGP and S/MIME are compatible
On Thu, Nov 17, 2016 at 9:12 PM, Sean Turner wrote:
> At IETF 97, the chairs lead a discussion to resolve whether the WG should
> rebrand TLS1.3 to something else. Slides can be found @
> https://www.ietf.org/proceedings/97/slides/slides-97-tls-rebranding-aka-pr612-01.pdf.
>
>
On 2016-11-19 07:35, Victor Vasiliev wrote:
On Fri, Nov 18, 2016 at 9:30 PM, Kazuho Oku > wrote:
I oppose to going to TLS 4, due to the following reasons:
* it might give people false notion that SSL 2.0, 3.0 is superior to TLS
On Fri, Nov 18, 2016 at 9:30 PM, Kazuho Oku wrote:
> I oppose to going to TLS 4, due to the following reasons:
>
> * it might give people false notion that SSL 2.0, 3.0 is superior to TLS
> 1.0-1.2
> * if name the new protocol TLS 1.3, 2.0, or 2, then there would be no
>
On Sat, Nov 19, 2016 at 02:41:04AM +, Peter Gutmann wrote:
> Replying to several messages at once to save space:
>
> Ilari Liusvaara:
>
> >One can downnegotiate TLS 1.3 to TLS 1.2.
>
> Ah, you're obviously a fan of Steve Wozniak humour. When someone asked him
> whether it was possible to
On Fri, 2016-11-18 at 13:19 -0800, Vlad Krasnov wrote:
> > Well, for example, your website has twice as many mentions of SSL
> > as TLS. Why? Why don't you have a product called "Universal TLS"?
> > The ratio is the same for letsencrypto.org. TLS 1.0 had already
> > existed for more then a
Vlad Krasnov writes:
>Second: I don’t think that the changes between TLS 1.3 and TLS 1.2 are
>considered a major: just look at the difference between HTTP/2 and HTTP/1 -
>those are completely different protocols.
So are TLS 1.x and "1.3". It'd be interesting to hear from
Replying to several messages at once to save space:
Ilari Liusvaara:
>One can downnegotiate TLS 1.3 to TLS 1.2.
Ah, you're obviously a fan of Steve Wozniak humour. When someone asked him
whether it was possible to upgrade from an Apple II+ to an Apple IIe, he
similarly said "yes, you unplug
2016-11-19 7:32 GMT+09:00 Eric Mill :
> It seems like TLS 2 and TLS 2.0 have very little support, so it's really
> just deciding between:
>
> TLS 1.3
> TLS 4 (or maybe 4.0)
>
>
I oppose to going to TLS 4, due to the following reasons:
* it might give people false notion that
I recognize I don't participate on this list very often, but I also agree
with TLS 4.0 and Dan's argument. I teach an undergraduate security course
at Michigan; students have enough trouble keeping track of SSL vs TLS
versions as it is. Jumping to 4.0 allows us to end this versioning debacle
now.
If we decide to move to some numeral higher than 3 to avoid confusion, I
recommend *TLS 4*, but urge people to tell the story of the name in a way
that retains some sense of continuity and logic.
Here's a framing that makes sense:
*TLS 4 is the fourth version of TLS*
This framing will tell a
It seems like TLS 2 and TLS 2.0 have very little support, so it's really
just deciding between:
TLS 1.3
TLS 4 (or maybe 4.0)
I'll just amplify Rich's and djb's points by noting that the cost of
switching away from TLS 1.3 really only affects a very small number of
people -- really just the
>In the end, it's just a label.
And some folks here have tried to explain why labels matter. If you don't find
those arguments compelling, that's fine. But if it's really "just" a label to
you, then I'll assume we've seen your last post on this thread? :)
--
Senior Architect, Akamai
On 18 Nov 2016 21:10, "Peter Gutmann" wrote:
> Which is kind of odd, because the consensus on the list when it was
debated
> here a while back was to not call it 1.3.
Some of us stayed quiet for that conversation. I might speculate that it
was because it wasn't a
Hi all,
The consensus in the room was to leave it as is, i.e., TLS1.3, and
tonot rebrand it to TLS 2.0, TLS 2, or TLS 4. We need to confirm this
decision on the list so please let the list know your top choice between:
- Leave it TLS 1.3
- Rebrand TLS 2.0
- Rebrand TLS 2
- Rebrand TLS 4
Is
> People changing browser settings? Really?
I was thinking about site admins.
___
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
It is imprinted in people's mind that minor version numbering = small
improvements and compatibility. People for better or worse see a minor
version as minor improvements and often disregard them considering the
effort versus the payout - even if that is a single configuration change.
That's how
> Well, if the result of the confusion would be people *disabling* TLS 1.* in
> favor of SSL 3.0, they would discover very quickly what is TLS, and why no
> major browser works for them.
People changing browser settings? Really?
___
TLS mailing list
> Well, for example, your website has twice as many mentions of SSL as TLS.
> Why? Why don't you have a product called "Universal TLS"? The ratio is the
> same for letsencrypto.org. TLS 1.0 had already existed for more then a decade
> before either place existed. BTW, at google, it's 20:1,
> First: where can we see the study that proves people are indeed confused
> that TLS > SSL? I don’t buy into that. Are people really confused after 17
> years
> of TLS?
Well, for example, your website has twice as many mentions of SSL as TLS. Why?
Why don't you have a product called
+1 for TLS 1.3 anything else is confusing to everybody (the term 'SSL' is
still very common in the layman vocabulary)
That said, if I had to pick a second choice, then TLS4 would be my choice.
Deb Cooley
On Fri, Nov 18, 2016 at 3:26 PM, Joseph Birr-Pixton
wrote:
> For what
For what it's worth I would prefer TLS4.
Cheers,
Joe
___
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
First: where can we see the study that proves people are indeed confused that
TLS > SSL? I don’t buy into that. Are people really confused after 17 years of
TLS?
Second: I don’t think that the changes between TLS 1.3 and TLS 1.2 are
considered a major: just look at the difference between
The largest number of users have the least amount of information, and
they see version numbers as part of various user interfaces. It's clear
how they will be inclined to guess 3>1.3>1.2>1.1>1.0 (very bad) but
4>3>1.2>1.1>1.0 (eliminating the problem as soon as 4 is supported).
We've all heard
1 - 100 of 121 matches
Mail list logo