Vlad Krasnov <v...@cloudflare.com> writes:

>Second: I don't think that the changes between TLS 1.3 and TLS 1.2 are
>considered a major: just look at the difference between HTTP/2 and HTTP/1 -
>those are completely different protocols.

So are TLS 1.x and "1.3".  It'd be interesting to hear from other implementers
on this, but my secure-tunnel code consists of a high-level framework that
handles things at an abstract level, client hello, server hello, keyex,
keyex-auth, finished, and subsequent stuff, and that's the same for both TLS
and SSH (I use TLS names for consistency, but SSH does the same things under
its own names).  The bit-bagging for the two is obviously quite different, but
the high-level handling is taken from the same code.

For "1.3" I looked at what it'd take to bolt it onto the side of the other 1.x
code and it'd end up as this weird hermaphrodite mixture with huge amounts of
effort devoted to trying to track whether it's meant to be acting as 1.x or
"1.3", with the accompanying opportunity for problems if I miss something and
drop from 1.x to "1.3" or the other way round.  The easiest way to implement
it is as a new protocol; trying to pretend that 1.x and "1.3" are the same
thing just leads to an implementation nightmare when you have to keep the two
distinct.

So at least from this implementation's point of view, they're different
protocols.

Peter.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
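The design Peter describes above (one abstract phase driver shared by TLS and SSH, separate per-protocol encoding, and no risk of a session silently switching between 1.x and "1.3") as an added illustration in Python. This is not code from the thread or from any implementation it refers to; the message framing, protocol tags and phase codes are constructed for the example and are not real TLS or SSH wire values. Each protocol family is pinned to the session when it starts, and any message framed by a different family is refused before its contents are interpreted.

```python
"""Constructed illustration of a shared handshake driver with per-protocol
framing pinned for the whole session (not code from the thread)."""
import struct
from enum import Enum, auto


class Phase(Enum):
    """Abstract handshake phases, in the order the driver expects them."""
    CLIENT_HELLO = auto()
    SERVER_HELLO = auto()
    KEYEX = auto()
    KEYEX_AUTH = auto()
    FINISHED = auto()
    ESTABLISHED = auto()


PHASE_ORDER = list(Phase)  # Enum preserves definition order


class ProtocolError(Exception):
    pass


class Codec:
    """Per-protocol 'bit-bagging'. Constructed framing: 1-byte protocol tag,
    1-byte phase code, 2-byte big-endian body length, body. Tags and codes
    below are invented for the example, not real TLS or SSH values."""
    tag = 0
    phase_codes = {}  # wire code -> Phase

    def encode(self, phase, body):
        codes = {p: c for c, p in self.phase_codes.items()}
        if phase not in codes:
            raise ProtocolError(f"no message for {phase.name}")
        return struct.pack("!BBH", self.tag, codes[phase], len(body)) + body

    def split(self, raw):
        """Return (tag, code, body); the code is not interpreted here."""
        if len(raw) < 4:
            raise ProtocolError("short message")
        tag, code, length = struct.unpack("!BBH", raw[:4])
        body = raw[4:4 + length]
        if len(body) != length:
            raise ProtocolError("truncated body")
        return tag, code, body


class Tls1xCodec(Codec):
    tag = 0x01
    phase_codes = {1: Phase.CLIENT_HELLO, 2: Phase.SERVER_HELLO,
                   3: Phase.KEYEX, 4: Phase.KEYEX_AUTH, 5: Phase.FINISHED}


class Tls13Codec(Codec):
    # Treated as its own protocol: own tag, own numbering, never shares a session.
    tag = 0x03
    phase_codes = {0x10: Phase.CLIENT_HELLO, 0x11: Phase.SERVER_HELLO,
                   0x12: Phase.KEYEX, 0x13: Phase.KEYEX_AUTH, 0x14: Phase.FINISHED}


class SshCodec(Codec):
    tag = 0x20
    phase_codes = {0x21: Phase.CLIENT_HELLO, 0x22: Phase.SERVER_HELLO,
                   0x23: Phase.KEYEX, 0x24: Phase.KEYEX_AUTH, 0x25: Phase.FINISHED}


class Handshake:
    """Shared high-level driver: walks the abstract phases in order and refuses
    anything not framed by the codec pinned when the session began."""

    def __init__(self, codec):
        self.codec = codec
        self.index = 0
        self.transcript = []

    @property
    def phase(self):
        return PHASE_ORDER[self.index]

    def feed(self, raw):
        if self.phase is Phase.ESTABLISHED:
            raise ProtocolError("handshake already complete")
        tag, code, body = self.codec.split(raw)
        # Pinning check comes first: the protocol family is decided once and
        # cannot drift mid-handshake, which is the hazard Peter describes.
        if tag != self.codec.tag:
            raise ProtocolError(f"tag {tag:#x} on a session pinned to {self.codec.tag:#x}")
        phase = self.codec.phase_codes.get(code)
        if phase is None:
            raise ProtocolError(f"unknown phase code {code:#x}")
        if phase is not self.phase:
            raise ProtocolError(f"expected {self.phase.name}, got {phase.name}")
        self.transcript.append(body)
        self.index += 1
        return self.phase


def run_handshake(codec, bodies):
    """Drive a full handshake from five phase bodies; returns the final phase."""
    hs = Handshake(codec)
    for phase, body in zip(PHASE_ORDER, bodies):
        hs.feed(codec.encode(phase, body))
    return hs.phase


def rejects(handshake, raw):
    """True if the driver refuses the message; shows the guard working."""
    try:
        handshake.feed(raw)
    except ProtocolError:
        return True
    return False
```

The point of the layout is that `Handshake` never needs to ask "am I 1.x or 1.3 right now": that question is answered once by the codec it was constructed with, and a message from the other family fails the tag check before any of its fields are parsed.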