Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-12-13 Thread Joseph Salowey
org] *On Behalf Of *Tony Arcieri > *Sent:* Saturday, December 3, 2016 9:04 AM > *To:* Sean Turner <s...@sn3rd.com> > *Cc:* <tls@ietf.org> <tls@ietf.org> > *Subject:* Re: [TLS] Confirming consensus: TLS1.3->TLS* > > > > On Thu, Nov 17, 2016 at 6:12 PM, Sean

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-12-03 Thread Karthik Bhargavan
> > The wire format is one thing, but there is work that has been done at a > much higher level referencing "TLS 1.3", e.g. TRON work: > > http://prosecco.gforge.inria.fr/personal/karthik/pubs/ > proscript-tls-tron-2016.pdf > Thanks for the reference but this draft paper does not count as a

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-12-02 Thread Tony Arcieri
On Fri, Dec 2, 2016 at 7:57 PM, Scott Schmit wrote: > This draft has been in development since April 2014, 2.6 years ago. > Over that time, the wire protocol has changed multiple times and > incompatibly. So not even all of that 2.6 years of details is still > applicable to

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-12-02 Thread Viktor Dukhovni
> On Dec 2, 2016, at 10:34 PM, Tony Arcieri wrote: > > The consensus in the room was to leave it as is, i.e., TLS1.3, and to not > rebrand it to TLS 2.0, TLS 2, or TLS 4. We need to confirm this decision on > the list so please let the list know your top choice between: >

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-12-02 Thread Tony Arcieri
On Thu, Nov 17, 2016 at 6:12 PM, Sean Turner wrote: > The consensus in the room was to leave it as is, i.e., TLS1.3, and to not > rebrand it to TLS 2.0, TLS 2, or TLS 4. We need to confirm this decision > on the list so please let the list know your top choice between: > > -

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-12-02 Thread Tony Arcieri
On Fri, Dec 2, 2016 at 1:21 PM, Peter Gutmann wrote: > The change was proposed long ago, and deferred by the chairs until now. > This > is just another variant of the inertia argument. You keep dismissing this argument out of hand, but I think it has merit. I think

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-12-02 Thread Peter Gutmann
Viktor Dukhovni writes: >I was with you up to this point, but I do think that going back to SSL is not >a good idea, and takes us off topic. It was just something to throw out there, and to point out that no matter what the WG calls it, the rest of the world will keep

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-12-02 Thread Peter Gutmann
Maarten Bodewes writes: >The point is we are now indeed on draft 18. Changing the name now is very >problematic because everybody on the mailing list already calls it TLS 1.3, >for a long time and no matter what you do, a lot of us (who are hopefully the >experts) will

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-12-02 Thread Ted Lemon
On Dec 2, 2016, at 4:10 PM, Peter Gutmann wrote: > Ugh, how very geeky, Really? ___ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-12-02 Thread Peter Gutmann
Hubert Kario writes: >speaking of confusion, do you know that e-mail clients by "SSL" mean >"SSL/TLS" and by "TLS" mean "STARTTLS"? (note the port numbers) >https://sils.unc.edu/it-services/email-faq/outlook >https://mail.aegee.org/smtp/kmail.html

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-12-02 Thread Patrick McManus
I favor naming the result tls 1.3 - the X in 1.X has effectively become the modern versioning field and we should stick with that road now as the best of a bunch of weak options. -Patrick

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-12-02 Thread Michael D'Errico
Aaron Zauner wrote: (of course I'd opt for SSLv5 just to mess with people). I'm surprised nobody has yet suggested retroactive renaming: SSLv4 == TLS 1.0 SSLv5 == TLS 1.1 SSLv6 == TLS 1.2 SSLv7 == TLS 1.3 Mike

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-12-02 Thread Aaron Zauner
* Sean Turner [18/11/2016 03:13:23] wrote: > At IETF 97, the chairs led a discussion to resolve whether the WG should > rebrand TLS1.3 to something else. Slides can be found @ > https://www.ietf.org/proceedings/97/slides/slides-97-tls-rebranding-aka-pr612-01.pdf. > > The

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-12-02 Thread Salz, Rich
> after considering all of the good points that have been circulating, I would > like to change my vote Woah, are you new here? :)

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-12-02 Thread Salz, Rich
> Can’t we borrow one from tictoc? Ever since they merged with NTP, it seems to be lost in a time loop and nobody can find it.

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-12-02 Thread Ackermann, Michael
Benjamin <david...@chromium.org<mailto:david...@chromium.org>>, Tony Arcieri <basc...@gmail.com<mailto:basc...@gmail.com>>, "<tls@ietf.org<mailto:tls@ietf.org>>" <tls@ietf.org<mailto:tls@ietf.org>> Date:12/02/201

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-12-02 Thread Viktor Dukhovni
> On Dec 2, 2016, at 3:33 AM, Peter Gutmann wrote: > > If no-one from Microsoft has any objections, can we just rename it back to > what it's always been for everyone but us, SSL? I was with you up to this point, but I do think that going back to SSL is not a good

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-12-02 Thread darin . pettis
.auckland.ac.nz>, Stephen Farrell <stephen.farr...@cs.tcd.ie>, David Benjamin <david...@chromium.org>, Tony Arcieri <basc...@gmail.com>, "<tls@ietf.org>" <tls@ietf.org> Date: 12/02/2016 12:34 PM Subject:Re: [TLS] Confirming consensus: TLS1.3->

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-12-02 Thread Andrei Popov
mann <pgut...@cs.auckland.ac.nz>; Stephen Farrell <stephen.farr...@cs.tcd.ie>; David Benjamin <david...@chromium.org>; Tony Arcieri <basc...@gmail.com>; <tls@ietf.org> <tls@ietf.org> Subject: Re: [TLS] Confirming consensus: TLS1.3->TLS* On Fri 2016-12-02 03:3

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-12-02 Thread Yoav Nir
> On 2 Dec 2016, at 19:58, David Benjamin wrote: > > (To clarify, I was not at all suggesting we go back to SSL. If we had a time > machine, I might make other suggestions, but as far as I know we do not.) Can’t we borrow one from tictoc?

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-12-02 Thread David Benjamin
> david...@chromium.org>; Tony Arcieri <basc...@gmail.com>; <tls@ietf.org> < > tls@ietf.org> > Subject: Re: [TLS] Confirming consensus: TLS1.3->TLS* > > Stephen Farrell <stephen.farr...@cs.tcd.ie> writes: > > >IIRC that was sort-of a condition for adopt

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-12-02 Thread Andrei Popov
m.org>; Tony Arcieri <basc...@gmail.com>; <tls@ietf.org> <tls@ietf.org> Subject: Re: [TLS] Confirming consensus: TLS1.3->TLS* Stephen Farrell <stephen.farr...@cs.tcd.ie> writes: >IIRC that was sort-of a condition for adoption of the work in the IETF >20

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-12-02 Thread Hubert Kario
On Friday, 2 December 2016 16:12:05 CET Salz, Rich wrote: > > Here's a useful and effective meme for convincing bosses that it's ok to > > turn off SSLv3: all known versions of SSL are broken and should never be > > used. Please do not break this meme by trying to rename TLS to SSL. > > Is "all

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-12-02 Thread Rob Stradling
On 02/12/16 14:53, Thomas Pornin wrote: Commercial CA tend to sell "SSL certificates", not "TLS certificates" or "SSL/TLS certificates". It's worse than that. Many customers, and even some salespeople, seem to think that we sell "SSLs". -- Rob Stradling Senior Research & Development

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-12-02 Thread Salz, Rich
> Here's a useful and effective meme for convincing bosses that it's ok to turn > off SSLv3: all known versions of SSL are broken and should never be used. > Please do not break this meme by trying to rename TLS to SSL. Is "all known versions before SSL 4" that much worse?

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-12-02 Thread Maarten Bodewes
Hi all, The point is we are now indeed on draft 18. Changing the name now is very problematic because everybody on the mailing list already calls it TLS 1.3, for a long time and no matter what you do, a lot of us (who are hopefully the experts) will keep referring to it under that name. If you

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-12-02 Thread Ted Lemon
The bottom line is that this is an unanswerable question. My advice is to not change the name, because I think more name changes = more confusion and it is _way_ too late to put TLS back in the box. But what do I know--I'm just an end user! :) On Fri, Dec 2, 2016 at 9:42 AM, Hubert Kario

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-12-02 Thread Thomas Pornin
On Fri, Dec 02, 2016 at 02:17:24PM +, Ackermann, Michael wrote: > In Enterprise circles TLS is an unknown acronym and as painful as it > is, we must usually refer to it as SSL, before anyone knows what we > are talking about. Software products are guilty too. Parameter > fields frequently

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-12-02 Thread Hubert Kario
On Friday, 2 December 2016 14:12:38 CET Salz, Rich wrote: > > SSL 2 < SSL 3 < "SSL" 1.0 < "SSL" 1.1 < "SSL" 1.2 < "SSL" 4 is not logical > > ordering > > So? Who cares? A couple-hundred people in the IETF. And the issue is that > SSL 3 < "SSL" 1.0 which is the issue no matter what we call what

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-12-02 Thread Ackermann, Michael
- From: TLS [mailto:tls-boun...@ietf.org] On Behalf Of Ted Lemon Sent: Friday, December 2, 2016 8:59 AM To: Salz, Rich <rs...@akamai.com> Cc: tls@ietf.org Subject: Re: [TLS] Confirming consensus: TLS1.3->TLS* Rich, I don't think there is any explanation that can be given for the assertio

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-12-02 Thread Salz, Rich
> SSL 2 < SSL 3 < "SSL" 1.0 < "SSL" 1.1 < "SSL" 1.2 < "SSL" 4 is not logical > ordering So? Who cares? A couple-hundred people in the IETF. And the issue is that SSL 3 < "SSL" 1.0 which is the issue no matter what we call what we're doing here. And the quotes around the last SSL do not

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-12-02 Thread Hubert Kario
On Friday, 2 December 2016 14:04:36 CET Salz, Rich wrote: > Nobody knows the difference tween 1.0 1.1 1.2 > > SSL 4 or SSL 4.0 is a bigger number than 1.x and uses the same term that > everyone, including our industry, uses. If someone sees "TLS 1.2" and > thinks "wow, that's so much worse than

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-12-02 Thread Peter Gutmann
"Salz, Rich" writes: People already know that SSL3 is worse than "SSL" 1.0 though 1.2 , it's logical that SSL 1.3 continues that trend. creating "SSL" 4 will bring more confusion. Please explain that assertion. I was going to ask that too, the quoted text seems..., well,

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-12-02 Thread Hubert Kario
On Friday, 2 December 2016 13:47:20 CET Salz, Rich wrote: > > People already know that SSL3 is worse than "SSL" 1.0 through 1.2, it's > > logical that SSL 1.3 continues that trend. creating "SSL" 4 will bring > > more confusion. > > Please explain that assertion. SSL 2 < SSL 3 < "SSL" 1.0 <

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-12-02 Thread Salz, Rich
Nobody knows the difference tween 1.0 1.1 1.2 SSL 4 or SSL 4.0 is a bigger number than 1.x and uses the same term that everyone, including our industry, uses. If someone sees "TLS 1.2" and thinks "wow, that's so much worse than SSL 4 because the number is so much smaller," then isn't that a

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-12-02 Thread Ted Lemon
Rich, I don't think there is any explanation that can be given for the assertion without collecting a lot of data. That said, the objection makes sense to me. I certainly think of SSL as poison. Of course, the average Joe on the street doesn't even know what TLS stands for, but the people

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-12-02 Thread Hubert Kario
On Friday, 2 December 2016 03:12:41 CET Peter Gutmann wrote: > Tony Arcieri writes: > >There's already ample material out there (papers, presentations, mailing > >list discussions, etc) which talks about "TLS 1.3". > > In other words, the TLS WG and a small number of people

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-12-02 Thread Peter Gutmann
Yoav Nir writes: >The way I’ve heard it “SSL” is a registered trademark owned by Netscape (now >AOL), so we can’t use it unless AOL lawyers sign off on that. It might be >wrong, but if it’s true - good luck with that.

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-12-02 Thread Yoav Nir
> On 2 Dec 2016, at 10:33, Peter Gutmann wrote: > > Stephen Farrell writes: > >> IIRC that was sort-of a condition for adoption of the work in the IETF 20 >> years ago, when there were two different protocols already being deployed and >>

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-12-02 Thread Peter Gutmann
Stephen Farrell writes: >IIRC that was sort-of a condition for adoption of the work in the IETF 20 >years ago, when there were two different protocols already being deployed and >the proponents of one of them said "we'll use that other one (SSL) but you >gotta change

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-12-01 Thread Bill Frantz
On 12/2/16 at 8:48 PM, rs...@akamai.com (Salz, Rich) wrote: And also, the world will not care about a gap in numbering. Nobody cared that there was no Windows 9. If we go with 2017, we can tell the world that by using the year the standard was approved, instead of a confusing set of names

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-12-01 Thread Salz, Rich
> If we call the next one 4, we have to explain a gap in the versioning (1.0, > 1.1, 1.2, 4?) and placing 2.0 and 3.0 after 1.2 becomes even more inviting. No we don't have to explain it. Most of the world isn't OCD types like those of us in this field. > Once SSL 3.0 falls away, we'll be

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-12-01 Thread Salz, Rich
> In other words, the TLS WG and a small number of people who interact with > it call it TLS 1.3.  That's hardly a strong argument when most of the rest of > the > world doesn't even call it TLS. Strongly agreed > pretty much the only reasons I've seen for TLS 1.3 are > inertia, "we've always

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-12-01 Thread Peter Gutmann
Tony Arcieri writes: >There's already ample material out there (papers, presentations, mailing list >discussions, etc) which talks about "TLS 1.3". In other words, the TLS WG and a small number of people who interact with it call it TLS 1.3.  That's hardly a strong argument

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-12-01 Thread Watson Ladd
On Thu, Dec 1, 2016 at 6:16 PM, Tony Arcieri wrote: > On Wed, Nov 30, 2016 at 8:43 PM, Viktor Dukhovni > wrote: >> >> > I actually completely agree with Timothy Jackson's recent posting: >> > >> > After 15 years, everyone but us still calls it SSL. We

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-12-01 Thread Tony Arcieri
On Wed, Nov 30, 2016 at 8:43 PM, Viktor Dukhovni wrote: > > I actually completely agree with Timothy Jackson's recent posting: > > > > After 15 years, everyone but us still calls it SSL. We need to > > admit that we lost the marketing battle and plan for a world where

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-11-30 Thread Peter Gutmann
Nick Sullivan writes: >I took a very unofficial Twitter poll on this subject: >https://twitter.com/grittygrease/status/80364408215424 Given the lack of context for the question (an out-of-the-blue query to a random bunch of people on Twitter), I think the

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-11-30 Thread Nick Sullivan
I took a very unofficial Twitter poll on this subject: https://twitter.com/grittygrease/status/80364408215424 Nick On Tue, Nov 29, 2016 at 5:47 AM Raja ashok wrote: > I feel we can go ahead with TLS 1.3. > > Or else TLS 3.4, because anyway we send 0x0304 on wire for

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-11-28 Thread Timothy Jackson
of future crypto protocols (that TLS WG might work on) can be more specific and realistic.) -Original Message- From: TLS [mailto:tls-boun...@ietf.org] On Behalf Of Dave Garrett Sent: Tuesday, November 22, 2016 5:07 PM To: tls@ietf.org Subject: Re: [TLS] Confirm

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-11-25 Thread Dan Brown
realistic.) -Original Message- From: TLS [mailto:tls-boun...@ietf.org] On Behalf Of Dave Garrett Sent: Tuesday, November 22, 2016 5:07 PM To: tls@ietf.org Subject: Re: [TLS] Confirming consensus: TLS1.3->TLS* (replies to a bunch of ideas in this thread) As the person who lit the match unde

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-11-22 Thread Anders Rundgren
Using the YEAR as Version was created to make sure that users having old versions of products that are constantly upgraded would feel the pressure to upgrade. This idea doesn't seem equally suitable for security protocols. TLS 4 would IMO be a logical choice since it is numerically higher than

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-11-22 Thread Dave Garrett
(replies to a bunch of ideas in this thread) As the person who lit the match under this latest bikeshed debate, personally, I don't see a strong consensus building here. Leaving the bikeshed unpainted seems like the option we're headed for, at this rate. I'm fine with TLS 1.3 if that's the

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-11-22 Thread Daniel Migault
I have a small preference for TLS 1.3. On Tue, Nov 22, 2016 at 10:04 AM, Scott Schmit wrote: > On Fri, Nov 18, 2016 at 11:12:48AM +0900, Sean Turner wrote: > > At IETF 97, the chairs led a discussion to resolve whether the WG > should rebrand TLS1.3 to something else.

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-11-21 Thread Hugo Krawczyk
If it wasn't because we don't need more noise in this discussion I would have suggested SSL 5.0 which seems to be the logical conclusion from the reasoning people are using. Clearly, everyone thinks that the battle of replacing "SSL" with "TLS" in the popular and technical references to the

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-11-21 Thread Salz, Rich
➢ You should be reluctant to draw too many conclusions from a field which you can only access by clicking through a big scary warning that you are voiding your warranty: Warranty? And sure, users never click through security warnings ☺ At any rate, this was intended to be a little

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-11-21 Thread David Woodhouse
On Mon, 2016-11-21 at 19:34 +, Salz, Rich wrote: > Do "about:config" in firefox and look for TLS: > security.tls.version.max default integer 3 > > And then perhaps look at http://kb.mozillazine.org/Security.tls.version.* > (yes the star is part of the URL) > > EVEN MOZILLA

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-11-21 Thread Richard Barnes
On Mon, Nov 21, 2016 at 2:51 PM, Yoav Nir wrote: > > > On 21 Nov 2016, at 20:43, Salz, Rich wrote: > > > > > >> With this in mind, I'm voting in favor of any re-branding of TLS 1.3 > where the > >> protocol name remains "TLS" and major version becomes > 1.

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-11-21 Thread Sean Leonard
+1 to TLS 1.3. My strong preference is TLS 1.3. Reasons have been advanced ad-nauseam. Just a couple of additional thoughts: 1.3 is in the protocol. So there. "Perl 6". Just because you advance a version number to a big one, doesn't mean that businesses will see the justification to upgrade.

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-11-21 Thread Eric Rescorla
On Mon, Nov 21, 2016 at 11:34 AM, Salz, Rich wrote: > Do "about:config" in firefox and look for TLS: > security.tls.version.max default integer 3 > > And then perhaps look at http://kb.mozillazine.org/Security.tls.version.* > (yes the star is part of the URL) > >

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-11-21 Thread Short, Todd
Throwing my hat into the ring, the basic record protocol has not changed. If anything, what is currently referred to as TLSv1.3 is really just a major update to the handshake messages. If the record protocol were to change to use a sane 4-byte header (which I proposed many months ago), then I

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-11-21 Thread Yoav Nir
> On 21 Nov 2016, at 20:43, Salz, Rich wrote: > > >> With this in mind, I'm voting in favor of any re-branding of TLS 1.3 where >> the >> protocol name remains "TLS" and major version becomes > 1. > > Me too. Agree

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-11-21 Thread Salz, Rich
Do "about:config" in firefox and look for TLS: security.tls.version.max default integer 3 And then perhaps look at http://kb.mozillazine.org/Security.tls.version.* (yes the star is part of the URL) EVEN MOZILLA can't get it "right."

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-11-21 Thread =JeffH
In the room last week, I hummed for "TLS 4". that said, I overall agree with Andrei's sentiment.. > I'm voting in favor of any re-branding of TLS 1.3 where the > protocol name remains "TLS" and major version becomes > 1. HTH, =JeffH

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-11-21 Thread Dmitry Belyavsky
Hello, On Mon, Nov 21, 2016 at 9:43 PM, Salz, Rich wrote: > > > With this in mind, I'm voting in favor of any re-branding of TLS 1.3 > where the > > protocol name remains "TLS" and major version becomes > 1. > > Me too. > > +1 -- SY, Dmitry Belyavsky

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-11-21 Thread Salz, Rich
> With this in mind, I'm voting in favor of any re-branding of TLS 1.3 where the > protocol name remains "TLS" and major version becomes > 1. Me too.

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-11-21 Thread Andrei Popov
ains "TLS" and major version becomes > 1. Cheers, Andrei -Original Message- From: TLS [mailto:tls-boun...@ietf.org] On Behalf Of Peter Gutmann Sent: Friday, November 18, 2016 6:41 PM To: Ilari Liusvaara <ilariliusva...@welho.com> Cc: <tls@ietf.org> <tls@ietf.org>

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-11-20 Thread Viktor Dukhovni
> On Nov 20, 2016, at 7:56 PM, D. J. Bernstein wrote: > > Of course people who prioritize retaining the existing "TLS 1.3" > mindshare will be just as unhappy with "TLS 2017" as with "TLS 4", but > they'll get over it within a few years. :-) This worked well enough for IDNA2003

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-11-20 Thread Mark Nottingham
I give the chairs my full support for whatever colour they wish to paint this bikeshed. > On 18 Nov. 2016, at 1:12 pm, Sean Turner wrote: > > At IETF 97, the chairs led a discussion to resolve whether the WG should > rebrand TLS1.3 to something else. Slides can be found @

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-11-20 Thread Xiaoyin Liu
> Subject: Re: [TLS] Confirming consensus: TLS1.3->TLS* The messages on the list seem to be perfectly split between "TLS 1.3" and "TLS 4". I suspect that the "TLS 2017" idea will break this impasse: * it shares the fundamental advantage that led to the "

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-11-20 Thread Bill Frantz
On 11/21/16 at 4:56 PM, d...@cr.yp.to (D. J. Bernstein) wrote: The messages on the list seem to be perfectly split between "TLS 1.3" and "TLS 4". I suspect that the "TLS 2017" idea will break this impasse: * it shares the fundamental advantage that led to the "TLS 4" idea; * it has the

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-11-20 Thread Eric Mill
On Sun, Nov 20, 2016 at 2:17 PM, Filippo Valsorda wrote: > I'm definitely for 1.3. > > I get where 4 is coming from, but 1.2 is not going anywhere soon, and we > spent the last 10 years training people that the high-numbered one is > bad, and that the 1.x ones are cool. > > I

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-11-20 Thread D. J. Bernstein
The messages on the list seem to be perfectly split between "TLS 1.3" and "TLS 4". I suspect that the "TLS 2017" idea will break this impasse: * it shares the fundamental advantage that led to the "TLS 4" idea; * it has the additional advantage of making the age obvious; * it eliminates

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-11-19 Thread Watson Ladd
Rebrand 4. There is no reason not to.

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-11-19 Thread Steven Valdez
Maintaining my hum from the meeting, I prefer keeping TLS 1.3 over renaming, primarily because there's now a good amount of documentation/implementation in the wild that refers to TLS 1.3, and we'll need to keep around the new equivalence of TLS 2 (or 4)=TLS 1.3. On Sat, Nov 19, 2016, 8:31 AM

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-11-19 Thread Vlad Krasnov
"Then why is the library still > called OpenSSL?" All those arguments show basic confusion of what TLS is. Version numbers won't help solve that. Only going back to using the SSL name might. ___ TLS mailing list TLS@ietf.org

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-11-19 Thread Ira McDonald
Hi, I think that the presumption that most tech people (or even security people) won't have any trouble with the future version numbering of TLS is wrong. Yesterday morning, on an SAE Vehicle Electrical Systems Security call with some 40 auto security professionals present, I mentioned that TLS

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-11-19 Thread Peter Gutmann
Ilari Liusvaara writes: >Nope, I was referring to the very technical property that if client sends a >TLS 1.3 handshake, a TLS 1.2 server can still successfully interop, provided >that the client does TLS 1.2 too That's like saying that PGP and S/MIME are compatible

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-11-19 Thread Jeffrey Walton
On Thu, Nov 17, 2016 at 9:12 PM, Sean Turner wrote: > At IETF 97, the chairs led a discussion to resolve whether the WG should > rebrand TLS1.3 to something else. Slides can be found @ > https://www.ietf.org/proceedings/97/slides/slides-97-tls-rebranding-aka-pr612-01.pdf. > >

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-11-18 Thread Anders Rundgren
On 2016-11-19 07:35, Victor Vasiliev wrote: On Fri, Nov 18, 2016 at 9:30 PM, Kazuho Oku > wrote: I oppose to going to TLS 4, due to the following reasons: * it might give people false notion that SSL 2.0, 3.0 is superior to TLS

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-11-18 Thread Victor Vasiliev
On Fri, Nov 18, 2016 at 9:30 PM, Kazuho Oku wrote: > I oppose to going to TLS 4, due to the following reasons: > > * it might give people false notion that SSL 2.0, 3.0 is superior to TLS > 1.0-1.2 > * if name the new protocol TLS 1.3, 2.0, or 2, then there would be no >

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-11-18 Thread Ilari Liusvaara
On Sat, Nov 19, 2016 at 02:41:04AM +, Peter Gutmann wrote: > Replying to several messages at once to save space: > > Ilari Liusvaara: > > >One can downnegotiate TLS 1.3 to TLS 1.2. > > Ah, you're obviously a fan of Steve Wozniak humour. When someone asked him > whether it was possible to

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-11-18 Thread David Woodhouse
On Fri, 2016-11-18 at 13:19 -0800, Vlad Krasnov wrote: > > Well, for example, your website has twice as many mentions of SSL > > as TLS.  Why?  Why don't you have a product called "Universal TLS"? > > The ratio is the same for letsencrypto.org. TLS 1.0 had already > > existed for more than a

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-11-18 Thread Peter Gutmann
Vlad Krasnov writes: >Second: I don’t think that the changes between TLS 1.3 and TLS 1.2 are >considered a major: just look at the difference between HTTP/2 and HTTP/1 - >those are completely different protocols. So are TLS 1.x and "1.3". It'd be interesting to hear from

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-11-18 Thread Peter Gutmann
Replying to several messages at once to save space: Ilari Liusvaara: >One can downnegotiate TLS 1.3 to TLS 1.2. Ah, you're obviously a fan of Steve Wozniak humour. When someone asked him whether it was possible to upgrade from an Apple II+ to an Apple IIe, he similarly said "yes, you unplug

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-11-18 Thread Kazuho Oku
2016-11-19 7:32 GMT+09:00 Eric Mill : > It seems like TLS 2 and TLS 2.0 have very little support, so it's really > just deciding between: > > TLS 1.3 > TLS 4 (or maybe 4.0) > > I oppose to going to TLS 4, due to the following reasons: * it might give people false notion that

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-11-18 Thread David Adrian
I recognize I don't participate on this list very often, but I also agree with TLS 4.0 and Dan's argument. I teach an undergraduate security course at Michigan; students have enough trouble keeping track of SSL vs TLS versions as it is. Jumping to 4.0 allows us to end this versioning debacle now.

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-11-18 Thread Nick Sullivan
If we decide to move to some numeral higher than 3 to avoid confusion, I recommend *TLS 4*, but urge people to tell the story of the name in a way that retains some sense of continuity and logic. Here's a framing that makes sense: *TLS 4 is the fourth version of TLS* This framing will tell a

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-11-18 Thread Eric Mill
It seems like TLS 2 and TLS 2.0 have very little support, so it's really just deciding between: TLS 1.3 TLS 4 (or maybe 4.0) I'll just amplify Rich's and djb's points by noting that the cost of switching away from TLS 1.3 really only affects a very small number of people -- really just the

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-11-18 Thread Salz, Rich
>In the end, it's just a label. And some folks here have tried to explain why labels matter. If you don't find those arguments compelling, that's fine. But if it's really "just" a label to you, then I'll assume we've seen your last post on this thread? :) -- Senior Architect, Akamai

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-11-18 Thread Martin Thomson
On 18 Nov 2016 21:10, "Peter Gutmann" wrote: > Which is kind of odd, because the consensus on the list when it was debated > here a while back was to not call it 1.3. Some of us stayed quiet for that conversation. I might speculate that it was because it wasn't a

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-11-18 Thread Julien ÉLIE
Hi all, The consensus in the room was to leave it as is, i.e., TLS1.3, and to not rebrand it to TLS 2.0, TLS 2, or TLS 4. We need to confirm this decision on the list so please let the list know your top choice between: - Leave it TLS 1.3 - Rebrand TLS 2.0 - Rebrand TLS 2 - Rebrand TLS 4 Is

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-11-18 Thread Vlad Krasnov
> People changing browser settings? Really? I was thinking about site admins.

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-11-18 Thread Eftychios Theodorakis
It is imprinted in people's mind that minor version numbering = small improvements and compatibility. People for better or worse see a minor version as minor improvements and often disregard them considering the effort versus the payout - even if that is a single configuration change. That's how

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-11-18 Thread Salz, Rich
> Well, if the result of the confusion would be people *disabling* TLS 1.* in > favor of SSL 3.0, they would discover very quickly what is TLS, and why no > major browser works for them. People changing browser settings? Really?

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-11-18 Thread Vlad Krasnov
> Well, for example, your website has twice as many mentions of SSL as TLS. > Why? Why don't you have a product called "Universal TLS"? The ratio is the > same for letsencrypto.org. TLS 1.0 had already existed for more than a decade > before either place existed. BTW, at google, it's 20:1,

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-11-18 Thread Salz, Rich
> First: where can we see the study that proves people are indeed confused > that TLS > SSL? I don’t buy into that. Are people really confused after 17 > years > of TLS? Well, for example, your website has twice as many mentions of SSL as TLS. Why? Why don't you have a product called

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-11-18 Thread Deb Cooley
+1 for TLS 1.3 anything else is confusing to everybody (the term 'SSL' is still very common in the layman vocabulary) That said, if I had to pick a second choice, then TLS4 would be my choice. Deb Cooley On Fri, Nov 18, 2016 at 3:26 PM, Joseph Birr-Pixton wrote: > For what

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-11-18 Thread Joseph Birr-Pixton
For what it's worth I would prefer TLS4. Cheers, Joe

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-11-18 Thread Vlad Krasnov
First: where can we see the study that proves people are indeed confused that TLS > SSL? I don’t buy into that. Are people really confused after 17 years of TLS? Second: I don’t think that the changes between TLS 1.3 and TLS 1.2 are considered a major: just look at the difference between

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-11-18 Thread D. J. Bernstein
The largest number of users have the least amount of information, and they see version numbers as part of various user interfaces. It's clear how they will be inclined to guess 3>1.3>1.2>1.1>1.0 (very bad) but 4>3>1.2>1.1>1.0 (eliminating the problem as soon as 4 is supported). We've all heard
