gt; *Sent:* Saturday, December 3, 2016 9:04 AM
> *To:* Sean Turner
> *Cc:*
> *Subject:* Re: [TLS] Confirming consensus: TLS1.3->TLS*
>
>
>
> On Thu, Nov 17, 2016 at 6:12 PM, Sean Turner wrote:
>
> The consensus in the room was to leave it as is, i.e., TLS1.3, and
+1 on Tony comment
- Keep this version TLS 1.3
- For the next version of TLS, drop the 1.x and call it TLS 4
Mohan Sekar
From: TLS [mailto:tls-boun...@ietf.org] On Behalf Of Tony Arcieri
Sent: Saturday, December 3, 2016 9:04 AM
To: Sean Turner
Cc:
Subject: Re: [TLS] Confirming consensus
Tony Arcieri writes:
>There is now a huge body of work which calls the protocol "TLS 1.3"
When you say "huge body of work" you're referring to an IETF draft with "no
formal status, subject to change or removal at any time; therefore they should
not be cited or quoted in any formal document" (in
>
> The wire format is one thing, but there is work that has been done at a
> much higher level referencing "TLS 1.3", e.g. TRON work:
>
> http://prosecco.gforge.inria.fr/personal/karthik/pubs/
> proscript-tls-tron-2016.pdf
>
Thanks for the reference but this draft paper does not count as a
publi
On Fri, Dec 2, 2016 at 7:57 PM, Scott Schmit wrote:
> This draft has been in development since April 2014, 2.6 years ago.
> Over that time, the wire protocol has changed multiple times and
> incompatibly. So not even all of that 2.6 years of details is still
> applicable to the protocol we're go
On Fri, Dec 02, 2016 at 03:35:00AM +, David Benjamin wrote:
> I think TLS 4 makes everything worse, not better.
>
> In hindsight, renaming SSL 3.1 was a terrible mistake. But TLS 1.2 is going
> to exist for a long time. If we call the next one 4, we have to explain a
> gap in the versioning (1
On Fri, Dec 02, 2016 at 02:16:16PM -0800, Tony Arcieri wrote:
> On Fri, Dec 2, 2016 at 1:21 PM, Peter Gutmann
> wrote:
>
> > The change was proposed long ago, and deferred by the chairs until now.
> > This
> > is just another variant of the inertia argument.
>
>
> You keep dismissing this argum
> On Dec 2, 2016, at 10:34 PM, Tony Arcieri wrote:
>
> The consensus in the room was to leave it as is, i.e., TLS1.3, and to not
> rebrand it to TLS 2.0, TLS 2, or TLS 4. We need to confirm this decision on
> the list so please let the list know your top choice between:
>
> - Leave it TLS 1.
On Thu, Nov 17, 2016 at 6:12 PM, Sean Turner wrote:
> The consensus in the room was to leave it as is, i.e., TLS1.3, and to not
> rebrand it to TLS 2.0, TLS 2, or TLS 4. We need to confirm this decision
> on the list so please let the list know your top choice between:
>
> - Leave it TLS 1.3
> -
On Fri, Dec 2, 2016 at 1:21 PM, Peter Gutmann
wrote:
> The change was proposed long ago, and deferred by the chairs until now.
> This
> is just another variant of the inertia argument.
You keep dismissing this argument out of hand, but I think it has merit.
I think we can all admit the decisio
Viktor Dukhovni writes:
>I was with you up to this point, but I do think that going back to SSL is not
>a good idea, and takes us off topic.
It was just something to throw out there, and to point out that no matter what
the WG calls it, the rest of the world will keep calling it SSL. It's been
Maarten Bodewes writes:
>The point is we are now indeed on draft 18. Changing the name now is very
>problematic because everybody on the mailinglist already calls it TLS 1.3,
>for a long time and no matter what you do, a lot of us (who are hopefully the
>experts) will keep referring to it under t
On Dec 2, 2016, at 4:10 PM, Peter Gutmann wrote:
> Ugh, how very geeky,
Really?
___
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
Hubert Kario writes:
>speaking of confusion, do you know that e-mail clients by "SSL" mean
>"SSL/TLS" and by "TLS" mean "STARTTLS"? (note the port numbers)
>https://sils.unc.edu/it-services/email-faq/outlook
>https://mail.aegee.org/smtp/kmail.html
>https://sils.unc.edu/it-services/my-computer/ema
I favor naming the result tls 1.3 - the X in 1.X has effectively become the
modern versioning field and we should stick with that road now as the best
of a bunch of weak options.
-Patrick
___
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/lis
Aaron Zauner wrote:
(of course I'd opt for SSLv5 just to mess with people).
I'm surprised nobody has yet suggested retroactive renaming:
SSLv4 == TLS 1.0
SSLv5 == TLS 1.1
SSLv6 == TLS 1.2
SSLv7 == TLS 1.3
Mike
___
TLS maili
* Sean Turner [18/11/2016 03:13:23] wrote:
> At IETF 97, the chairs lead a discussion to resolve whether the WG should
> rebrand TLS1.3 to something else. Slides can be found @
> https://www.ietf.org/proceedings/97/slides/slides-97-tls-rebranding-aka-pr612-01.pdf.
>
> The consensus in the room
> after considering all of the good points that have been circulating, I would
> like to change my vote
Woah, are you new here? :)
___
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
> Can’t we borrow one from tictoc?
Ever since they merged with NTP, it seems to be lost in a time loop and nobody
can find it.
___
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
+2
On removing all references to SSL.
From: TLS [mailto:tls-boun...@ietf.org] On Behalf Of darin.pet...@usbank.com
Sent: Friday, December 2, 2016 1:55 PM
To: Andrei Popov
Cc: TLS ;
Subject: Re: [TLS] Confirming consensus: TLS1.3->TLS*
+1 with Andrei.
"That SSL should never be used
> On Dec 2, 2016, at 3:33 AM, Peter Gutmann wrote:
>
> If no-one from Microsoft has any objections, can we just rename it back to
> what it's always been for everyone but us, SSL?
I was with you up to this point, but I do think that going back to SSL is
not a good idea, and takes us off topic.
12/02/2016 12:34 PM
Subject:Re: [TLS] Confirming consensus: TLS1.3->TLS*
Sent by:"TLS"
Indeed, "all known versions of SSL are broken and should never be used" is
what I've been telling people for a while now...
-Original Message-
From: TLS [
tmann ; Stephen Farrell
; David Benjamin ; Tony
Arcieri ;
Subject: Re: [TLS] Confirming consensus: TLS1.3->TLS*
On Fri 2016-12-02 03:33:21 -0500, Peter Gutmann wrote:
> If no-one from Microsoft has any objections, can we just rename it
> back to what it's always been for everyone but
> On 2 Dec 2016, at 19:58, David Benjamin wrote:
>
> (To clarify, I was not at all suggesting we go back to SSL. If we had a time
> machine, I might make other suggestions, but as far as I know we do not.)
Can’t we borrow one from tictoc?
___
TLS mai
eers,
>
> Andrei
>
> -Original Message-
> From: TLS [mailto:tls-boun...@ietf.org] On Behalf Of Peter Gutmann
> Sent: Friday, December 2, 2016 12:33 AM
> To: Stephen Farrell ; David Benjamin <
> david...@chromium.org>; Tony Arcieri ; <
> tls@ietf.org>
&
ket-style API,
which is not a requirement of this protocol.
Cheers,
Andrei
-Original Message-
From: TLS [mailto:tls-boun...@ietf.org] On Behalf Of Peter Gutmann
Sent: Friday, December 2, 2016 12:33 AM
To: Stephen Farrell ; David Benjamin
; Tony Arcieri ;
Subject: Re: [TLS] Confirming co
On Friday, 2 December 2016 16:12:05 CET Salz, Rich wrote:
> > Here's a useful and effective meme for convincing bosses that it's ok to
> > turn off SSLv3: all known versions of SSL are broken and should never be
> > used. Please do not break this meme by trying to rename TLS to SSL.
>
> Is "all kn
On 02/12/16 14:53, Thomas Pornin wrote:
Commercial CA tend to sell "SSL certificates", not "TLS certificates"
or "SSL/TLS certificates".
It's worse than that. Many customers, and even some salespeople, seem
to think that we sell "SSLs".
--
Rob Stradling
Senior Research & Development Scient
> Here's a useful and effective meme for convincing bosses that it's ok to turn
> off SSLv3: all known versions of SSL are broken and should never be used.
> Please do not break this meme by trying to rename TLS to SSL.
Is "all known versions before SSL 4" that much worse?
___
On Fri 2016-12-02 03:33:21 -0500, Peter Gutmann wrote:
> If no-one from Microsoft has any objections, can we just rename it back to
> what it's always been for everyone but us, SSL?
fwiw, the industry (and stackexchange) uses "SSL" to mean all sorts of
things, not only TLS. Yesterday i got an e-m
Hi all,
The point is we are now indeed on draft 18. Changing the name now is very
problematic because everybody on the mailinglist already calls it TLS 1.3,
for a long time and no matter what you do, a lot of us (who are hopefully
the experts) will keep referring to it under that name.
If you wan
The bottom line is that this is an unanswerable question. My advice
is to not change the name, because I think more name changes = more
confusion and it is _way_ too late to put TLS back in the box. But
what do I know--I'm just an end user! :)
On Fri, Dec 2, 2016 at 9:42 AM, Hubert Kario wr
On Fri, Dec 02, 2016 at 02:17:24PM +, Ackermann, Michael wrote:
> In Enterprise circles TLS is an unknown acronym and as painful as it
> is, we must usually refer to it as SSL, before anyone knows what we
> are talking about. Software products are guilty too. Parameter
> fields frequently
On Friday, 2 December 2016 14:12:38 CET Salz, Rich wrote:
> > SSL 2 < SSL 3 < "SSL" 1.0 < "SSL" 1.1 < "SSL" 1.2 < "SSL" 4 is not logical
> > ordering
>
> So? Who cares? A couple-hundred people in the IETF. And the issue is that
> SSL 3 < "SSL" 1.0 which is the issue no matter what we call what
ssage-
From: TLS [mailto:tls-boun...@ietf.org] On Behalf Of Ted Lemon
Sent: Friday, December 2, 2016 8:59 AM
To: Salz, Rich
Cc: tls@ietf.org
Subject: Re: [TLS] Confirming consensus: TLS1.3->TLS*
Rich, I don't think there is any explanation that can be given for the
assertion without col
> SSL 2 < SSL 3 < "SSL" 1.0 < "SSL" 1.1 < "SSL" 1.2 < "SSL" 4 is not logical
> ordering
So? Who cares? A couple-hundred people in the IETF. And the issue is that
SSL 3 < "SSL" 1.0 which is the issue no matter what we call what we're doing
here. And the quotes around the last SSL do not belo
On Friday, 2 December 2016 14:04:36 CET Salz, Rich wrote:
> Nobody knows the difference tween 1.0 1.1 1.2
>
> SSL 4 or SSL 4.0 is a bigger number than 1.x and uses the same term that
> everyone, including our industry, uses. If someone sees "TLS 1.2" and
> thinks "wow, that's so much worse than S
"Salz, Rich" writes:
People already know that SSL3 is worse than "SSL" 1.0 though 1.2 , it's logical
that SSL 1.3 continues that trend. creating "SSL" 4 will bring more confusion.
Please explain that assertion.
I was going to ask that too, the quoted text seems..., well, gibberish to me.
On Friday, 2 December 2016 13:47:20 CET Salz, Rich wrote:
> > People already know that SSL3 is worse than "SSL" 1.0 though 1.2 , it's
> > logical that SSL 1.3 continues that trend. creating "SSL" 4 will bring
> > more confusion.
>
> Please explain that assertion.
SSL 2 < SSL 3 < "SSL" 1.0 < "SSL"
Nobody knows the difference tween 1.0 1.1 1.2
SSL 4 or SSL 4.0 is a bigger number than 1.x and uses the same term that
everyone, including our industry, uses. If someone sees "TLS 1.2" and thinks
"wow, that's so much worse than SSL 4 because the number is so much smaller,"
then isn't that a go
Rich, I don't think there is any explanation that can be given for the
assertion without collecting a lot of data. That said, the objection
makes sense to me. I certainly think of SSL as poison. Of course,
the average Joe on the street doesn't even know what TLS stands for,
but the people who
> People already know that SSL3 is worse than "SSL" 1.0 though 1.2 , it's
> logical
> that SSL 1.3 continues that trend. creating "SSL" 4 will bring more confusion.
Please explain that assertion.
--
Senior Architect, Akamai Technologies
Member, OpenSSL Dev Team
IM: richs...@jabber.at Twitter:
On Friday, 2 December 2016 03:12:41 CET Peter Gutmann wrote:
> Tony Arcieri writes:
> >There's already ample material out there (papers, presentations, mailing
> >list discussions, etc) which talks about "TLS 1.3".
>
> In other words, the TLS WG and a small number of people who interact with it
>
On 2 December 2016 at 09:22, Yoav Nir wrote:
>
>> On 2 Dec 2016, at 10:33, Peter Gutmann wrote:
>>
>> Stephen Farrell writes:
>>
>>> IIRC that was sort-of a condition for adoption of the work in the IETF 20
>>> years ago, when there were two different protocols already being deployed
>>> and
>>
Yoav Nir writes:
>The way I’ve heard it “SSL” is a registered trademark owned by Netscape (now
>AOL), so we can’t use it unless AOL lawyers sign off on that. It might be
>wrong, but if it’s true - good luck with that.
http://tmsearch.uspto.gov/bin/showfield?f=toc&state=4810%3Ajoxwrl.1.1&p_search
> On 2 Dec 2016, at 10:33, Peter Gutmann wrote:
>
> Stephen Farrell writes:
>
>> IIRC that was sort-of a condition for adoption of the work in the IETF 20
>> years ago, when there were two different protocols already being deployed and
>> the proponents of one of them said "we'll use that othe
Stephen Farrell writes:
>IIRC that was sort-of a condition for adoption of the work in the IETF 20
>years ago, when there were two different protocols already being deployed and
>the proponents of one of them said "we'll use that other one (SSL) but you
>gotta change the name of the standard or w
On 02/12/16 03:35, David Benjamin wrote:
> In hindsight, renaming SSL 3.1 was a terrible mistake.
IIRC that was sort-of a condition for adoption of the work
in the IETF 20 years ago, when there were two different
protocols already being deployed and the proponents of one
of them said "we'll use
On 12/2/16 at 8:48 PM, rs...@akamai.com (Salz, Rich) wrote:
And also, the world will not care about a gap in numbering. Nobody cared that
there was no Windows 9.
If we go with 2017, we can tell the world that by using the year
the standard was approved, instead of a confusing set of names
> If we call the next one 4, we have to explain a gap in the versioning (1.0,
> 1.1, 1.2, 4?) and placing 2.0 and 3.0 after 1.2 becomes even more inviting.
No we don't have to explain it. Most of the world isn't OCD types like those
of us in this field.
> Once SSL 3.0 falls away, we'll be left
> In other words, the TLS WG and a small number of people who interact with
> it call it TLS 1.3. That's hardly a strong argument when most of the rest of
> the
> world doesn't even call it TLS.
Strongly agreed
> pretty much the only reasons I've seen for TLS 1.3 are
> inertia, "we've always ca
On Thu, Dec 1, 2016 at 10:12 PM Peter Gutmann
wrote:
> Tony Arcieri writes:
>
> >There's already ample material out there (papers, presentations, mailing
> list
> >discussions, etc) which talks about "TLS 1.3".
>
> In other words, the TLS WG and a small number of people who interact with
> it
>
Tony Arcieri writes:
>There's already ample material out there (papers, presentations, mailing list
>discussions, etc) which talks about "TLS 1.3".
In other words, the TLS WG and a small number of people who interact with it
call it TLS 1.3. That's hardly a strong argument when most of the rest
On Thu, Dec 1, 2016 at 6:16 PM, Tony Arcieri wrote:
> On Wed, Nov 30, 2016 at 8:43 PM, Viktor Dukhovni
> wrote:
>>
>> > I actually completely agree with Timothy Jackson's recent posting:
>> >
>> > After 15 years, everyone but us still calls it SSL. We need to
>> > admit that we lost the marke
On Wed, Nov 30, 2016 at 8:43 PM, Viktor Dukhovni
wrote:
> > I actually completely agree with Timothy Jackson's recent posting:
> >
> > After 15 years, everyone but us still calls it SSL. We need to
> > admit that we lost the marketing battle and plan for a world where
> > everyone calls “TL
> On Nov 30, 2016, at 11:28 PM, Peter Gutmann wrote:
>
> I actually completely agree with Timothy Jackson's recent posting:
>
> After 15 years, everyone but us still calls it SSL. We need to
> admit that we lost the marketing battle and plan for a world where
> everyone calls “TLS X” “S
Nick Sullivan writes:
>I took a very unofficial Twitter poll on this subject:
>https://twitter.com/grittygrease/status/80364408215424
Given the lack of context for the question (an out-of-the-blue query
to a random bunch of people on Twitter), I think the inevitable TLSy
McTLSface (given as
I took a very unofficial Twitter poll on this subject:
https://twitter.com/grittygrease/status/80364408215424
Nick
On Tue, Nov 29, 2016 at 5:47 AM Raja ashok wrote:
> I feel we can go ahead with TLS 1.3.
>
> Or else TLS 3.4, because anyway we send 0x0304 on wire for TLS 1.3.
>
>
>
> I hope
I feel we can go ahead with TLS 1.3.
Or else TLS 3.4, because anyway we send 0x0304 on wire for TLS 1.3.
I hope all other three options (TLS 2.0, TLS 2 and TLS 4) will make confusion
with SSL versions for end user.
Raja Ashok VK
华为技术有限公司 Huawei Technologies
might work on) can be more
specific and realistic.)
-Original Message-
From: TLS [mailto:tls-boun...@ietf.org] On Behalf Of Dave Garrett
Sent: Tuesday, November 22, 2016 5:07 PM
To: tls@ietf.org
Subject: Re: [TLS] Confirming consensus: TLS1.3->TLS*
(replies to a
e more
specific and realistic.)
-Original Message-
From: TLS [mailto:tls-boun...@ietf.org] On Behalf Of Dave Garrett
Sent: Tuesday, November 22, 2016 5:07 PM
To: tls@ietf.org
Subject: Re: [TLS] Confirming consensus: TLS1.3->TLS*
(replies to a bunch of ideas in this thread)
As the person wh
Using the YEAR as Version was created to make sure that users having old
versions
of products that are constantly upgraded would feel the pressure to upgrade.
This idea doesn't seem equally suitable for security protocols.
TLS 4 would IMO be a logical choice since it is numerically higher than
(replies to a bunch of ideas in this thread)
As the person who lit the match under this latest bikeshed debate, personally,
I don't see a strong consensus building here. Leaving the bikeshed unpainted
seems like the option we're headed for, at this rate. I'm fine with TLS 1.3 if
that's the resu
I have a small preference for TLS 1.3.
On Tue, Nov 22, 2016 at 10:04 AM, Scott Schmit wrote:
> On Fri, Nov 18, 2016 at 11:12:48AM +0900, Sean Turner wrote:
> > At IETF 97, the chairs lead a discussion to resolve whether the WG
> should rebrand TLS1.3 to something else. Slides can be found @
> h
On Fri, Nov 18, 2016 at 11:12:48AM +0900, Sean Turner wrote:
> At IETF 97, the chairs lead a discussion to resolve whether the WG should
> rebrand TLS1.3 to something else. Slides can be found @
> https://www.ietf.org/proceedings/97/slides/slides-97-tls-rebranding-aka-pr612-01.pdf.
>
> The cons
If it wasn't because we don't need more noise in this discussion I would
have suggested SSL 5.0 which seems to be the logical conclusion from the
reasoning people are using. Clearly, everyone thinks that the battle of
replacing "SSL" with "TLS" in the popular and technical references to the
standar
➢ You should be reluctant to draw too many conclusions from a field which you
can only access by clicking through a big scary warning that you are voiding
your warranty:
Warranty?
And sure, users never click through security warnings ☺
At any rate, this was intended to be a little light-hearte
On Mon, 2016-11-21 at 19:34 +, Salz, Rich wrote:
> Do "about:config" in firefox and look for TLS:
> security.tls.version.max default integer 3
>
> And then perhaps look at http://kb.mozillazine.org/Security.tls.version.*
> (yes the star is part of the URL)
>
> EVEN MOZILLA can't
On Mon, Nov 21, 2016 at 2:51 PM, Yoav Nir wrote:
>
> > On 21 Nov 2016, at 20:43, Salz, Rich wrote:
> >
> >
> >> With this in mind, I'm voting in favor of any re-branding of TLS 1.3
> where the
> >> protocol name remains "TLS" and major version becomes > 1.
> >
> > Me too.
>
> Agree
>
I can live
+1 to TLS 1.3. My strong preference is TLS 1.3.
Reasons have been advanced ad-nauseam.
Just a couple of additional thoughts:
1.3 is in the protocol. So there.
"Perl 6". Just because you advance a version number to a big one,
doesn't mean that businesses will see the justification to upgrade.
On Mon, Nov 21, 2016 at 11:34 AM, Salz, Rich wrote:
> Do "about:config" in firefox and look for TLS:
> security.tls.version.max default integer 3
>
> And then perhaps look at http://kb.mozillazine.org/Security.tls.version.*
> (yes the star is part of the URL)
>
> EVEN MOZILLA can't
Throwing my hat into the ring, the basic record protocol has not changed.
If anything, what is currently referred to as TLSv1.3 is really just a major
update to the handshake messages.
If the record protocol were to change to use a sane 4-byte header (which I
proposed many months ago), then I t
> On 21 Nov 2016, at 20:43, Salz, Rich wrote:
>
>
>> With this in mind, I'm voting in favor of any re-branding of TLS 1.3 where
>> the
>> protocol name remains "TLS" and major version becomes > 1.
>
> Me too.
Agree
___
TLS mailing list
TLS@ietf.o
Do "about:config" in firefox and look for TLS:
security.tls.version.max default integer 3
And then perhaps look at http://kb.mozillazine.org/Security.tls.version.* (yes
the star is part of the URL)
EVEN MOZILLA can't get it "right."
___
In the room last week, I hummed for "TLS 4".
that said, I overall agree with Andrei's sentiment..
> I'm voting in favor of any re-branding of TLS 1.3 where the
> protocol name remains "TLS" and major version becomes > 1.
HTH,
=JeffH
___
TLS mailing
Hello,
On Mon, Nov 21, 2016 at 9:43 PM, Salz, Rich wrote:
> With this in mind, I'm voting in favor of any re-branding of TLS 1.3
where the
> protocol name remains "TLS" and major version becomes > 1.
I originally hummed for 1.3 in the room as that is what people (that are
currently aware of i
Hello,
On Mon, Nov 21, 2016 at 9:43 PM, Salz, Rich wrote:
>
> > With this in mind, I'm voting in favor of any re-branding of TLS 1.3
> where the
> > protocol name remains "TLS" and major version becomes > 1.
>
> Me too.
>
> +1
--
SY, Dmitry Belyavsky
__
> With this in mind, I'm voting in favor of any re-branding of TLS 1.3 where the
> protocol name remains "TLS" and major version becomes > 1.
Me too.
___
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
l name remains "TLS" and major version becomes > 1.
Cheers,
Andrei
-Original Message-
From: TLS [mailto:tls-boun...@ietf.org] On Behalf Of Peter Gutmann
Sent: Friday, November 18, 2016 6:41 PM
To: Ilari Liusvaara
Cc:
Subject: Re: [TLS] Confirming consensus: TLS1.3->TLS*
Repl
On 11/17/2016 06:12 PM, Sean Turner wrote:
At IETF 97, the chairs lead a discussion to resolve whether the WG should
rebrand TLS1.3 to something else. Slides can be found @
https://www.ietf.org/proceedings/97/slides/slides-97-tls-rebranding-aka-pr612-01.pdf.
The consensus in the room was to l
Eric Mill writes:
>The near-term annoyance of renaming things by folks close to the WG, and the
>chance of some confusion around the edges, seem like small issues compared to
>a positive investment in bending the sanity curve of the next 20 years of
>lazy enterprise decisions.
+1. I was reading
> On Nov 20, 2016, at 7:56 PM, D. J. Bernstein wrote:
>
> Of course people who prioritize retaining the existing "TLS 1.3"
> mindshare will be just as unhappy with "TLS 2017" as with "TLS 4", but
> they'll get over it within a few years. :-)
This worked well enough for IDNA2003 and IDNA2008 (th
I give the chairs my full support for whatever colour they wish to paint this
bikeshed.
> On 18 Nov. 2016, at 1:12 pm, Sean Turner wrote:
>
> At IETF 97, the chairs lead a discussion to resolve whether the WG should
> rebrand TLS1.3 to something else. Slides can be found @
> https://www.iet
gt;
Subject: Re: [TLS] Confirming consensus: TLS1.3->TLS*
The messages on the list seem to be perfectly split between "TLS 1.3"
and "TLS 4". I suspect that the "TLS 2017" idea will break this impasse:
* it shares the fundamental advantage that led to the "
On 11/21/16 at 4:56 PM, d...@cr.yp.to (D. J. Bernstein) wrote:
The messages on the list seem to be perfectly split between "TLS 1.3"
and "TLS 4". I suspect that the "TLS 2017" idea will break this impasse:
* it shares the fundamental advantage that led to the "TLS 4" idea;
* it has the addition
On Sun, Nov 20, 2016 at 2:17 PM, Filippo Valsorda wrote:
> I'm definitely for 1.3.
>
> I get where 4 is coming from, but 1.2 is not going anywhere soon, and we
> spent the last 10 years training people that the high-numbered one is
> bad, and that the 1.x ones are cool.
>
> I really don't want to
I mildly prefer TLS 1.3 to TLS 2 and TLS 4 (If we're going to rev the major
version number we should abandon the minor one).
TLS 2017 strikes me as quite bad; we're certainly not planning to do a TLS
2018. I am strongly opposed to TLS 2017.
-Ekr
On Fri, Nov 18, 2016 at 11:12 AM, Sean Turner wro
The messages on the list seem to be perfectly split between "TLS 1.3"
and "TLS 4". I suspect that the "TLS 2017" idea will break this impasse:
* it shares the fundamental advantage that led to the "TLS 4" idea;
* it has the additional advantage of making the age obvious;
* it eliminates t
I'm definitely for 1.3.
I get where 4 is coming from, but 1.2 is not going anywhere soon, and we
spent the last 10 years training people that the high-numbered one is
bad, and that the 1.x ones are cool.
I really don't want to have the following conversation, with the exact
same people the propon
Rebrand 4. There is no reason not to.
___
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
What Jeff said makes a ton of sense to me.
"TLS 2017" would solve the problems that "TLS 4 solves," without being
confusing, and with the added benefit that the age is painfully obvious. I
see big wins all around.
The downsides I see are that there is no major/minor distinction, and it
would be
Maintaining my hum from the meeting, I prefer keeping TLS 1.3 over
renaming, primarily because there's now a good amount of
documentation/implementation in the wild that refers to TLS 1.3, and we'll
need to keep around the new equivalence of TLS 2 (or 4)=TLS 1.3.
On Sat, Nov 19, 2016, 8:31 AM Ira
"Then why is the library still
> called OpenSSL?"
All those arguments show basic confusion of what TLS is. Version numbers won't
help solve that.
Only going back to using the SSL name might.
___
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mail
Hi,
I think that the presumption that most tech people (or even security people)
won't have any trouble with the future version numbering of TLS is wrong.
Yesterday morning, on an SAE Vehicle Electrical Systems Security call with
some 40 auto security professionals present, I mentioned that TLS 1
Ilari Liusvaara writes:
>Nope, I was referring to the very technical property that if client sends a
>TLS 1.3 handshake, a TLS 1.2 server can still successfully interop, provoded
>that the client does TLS 1.2 too
That's like saying that PGP and S/MIME are compatible because if a client
sends a P
Viktor Dukhovni writes:
>If a majority of the WG prefers the status quo because 3 is a Gaussian prime,
>and 4 is bad karma in China
Just as long as we don't end up going for version .
Peter.
___
TLS mailing list
TLS@ietf.org
https://www.ietf.org/m
On Sat, Nov 19, 2016 at 01:35:41AM -0500, Victor Vasiliev wrote:
> TLS 4 is a confusing name that, as far as I can tell, cannot actually make
> things better. Right now we have:
>
> SSL 2 -> SSL 3 -> TLS 1.0 -> TLS 1.1 -> TLS 1.2 -> TLS 1.3 (1)
>
> Now, some people may get confused by this
On Thu, Nov 17, 2016 at 9:12 PM, Sean Turner wrote:
> At IETF 97, the chairs lead a discussion to resolve whether the WG should
> rebrand TLS1.3 to something else. Slides can be found @
> https://www.ietf.org/proceedings/97/slides/slides-97-tls-rebranding-aka-pr612-01.pdf.
>
> The consensus in
On 2016-11-19 07:35, Victor Vasiliev wrote:
On Fri, Nov 18, 2016 at 9:30 PM, Kazuho Oku mailto:kazuho...@gmail.com>> wrote:
I oppose to going to TLS 4, due to the following reasons:
* it might give people false notion that SSL 2.0, 3.0 is superior to TLS
1.0-1.2
* if name the new
On Fri, Nov 18, 2016 at 9:30 PM, Kazuho Oku wrote:
> I oppose to going to TLS 4, due to the following reasons:
>
> * it might give people false notion that SSL 2.0, 3.0 is superior to TLS
> 1.0-1.2
> * if name the new protocol TLS 1.3, 2.0, or 2, then there would be no
> confusion once SSL goes
1 - 100 of 145 matches
Mail list logo
