On Thu, Dec 1, 2016 at 10:12 PM Peter Gutmann <pgut...@cs.auckland.ac.nz> wrote:
> Tony Arcieri <basc...@gmail.com> writes: > > >There's already ample material out there (papers, presentations, mailing > list > >discussions, etc) which talks about "TLS 1.3". > > In other words, the TLS WG and a small number of people who interact with > it > call it TLS 1.3. That's hardly a strong argument when most of the rest of > the > world doesn't even call it TLS. > > In fact that's something that's come up repeatedly in the bikeshedding so > far, > there are some really good, sound arguments for calling it TLS/SSL 4 or > TLS/SSL 2017, while pretty much the only reasons I've seen for TLS 1.3 are > inertia, "we've always called it that"/"I don't want to change"/etc. I think TLS 4 makes everything worse, not better. In hindsight, renaming SSL 3.1 was a terrible mistake. But TLS 1.2 is going to exist for a long time. If we call the next one 4, we have to explain a gap in the versioning (1.0, 1.1, 1.2, 4?) and placing 2.0 and 3.0 after 1.2 becomes even more inviting. Short of a time machine so we can call this SSL 3.4, the best fix is to let SSL 3.0 fall away. This is already semi-plausible (it's out of all browsers) and is only going to become more realistic over time. Certainly it will be faster than TLS 1.2 going away and undoing TLS 4's version gap problem. (TLS 1.3 even places SSL 3.0 as a MUST NOT, for what little teeth that has.) Once SSL 3.0 falls away, we'll be left with 1.0, 1.1, 1.2, and 1.3, which is a plausible numbering progression. There'll still be the mess with SSL being the informal name for the protocol family, but that isn't a numbering problem. David
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
