Indeed, "all known versions of SSL are broken and should never be used" is what I've been telling people for a while now...
-----Original Message----- From: TLS [mailto:tls-boun...@ietf.org] On Behalf Of Daniel Kahn Gillmor Sent: Friday, December 2, 2016 6:36 AM To: Peter Gutmann <pgut...@cs.auckland.ac.nz>; Stephen Farrell <stephen.farr...@cs.tcd.ie>; David Benjamin <david...@chromium.org>; Tony Arcieri <basc...@gmail.com>; <tls@ietf.org> <tls@ietf.org> Subject: Re: [TLS] Confirming consensus: TLS1.3->TLS* On Fri 2016-12-02 03:33:21 -0500, Peter Gutmann wrote: > If no-one from Microsoft has any objections, can we just rename it > back to what it's always been for everyone but us, SSL? fwiw, the industry (and stackexchange) uses "SSL" to mean all sorts of things, not only TLS. Yesterday i got an e-mail from a reputable CA reseller that said "Your SSL is expiring in two days! Buy a new SSL now!" Surely no one is proposing that we also re-name the X.509 certificate format to "SSL" just because vendors whose business models revolve around these products are confused about terminology. What else should we rename to "SSL" on that basis? Maybe a load-balancer is also "SSL"! Here's a useful and effective meme for convincing bosses that it's ok to turn off SSLv3: all known versions of SSL are broken and should never be used. Please do not break this meme by trying to rename TLS to SSL. I don't care about the bikeshed over the number: i'd be fine with any of TLS 1.3 or TLS 4 or TLS 2017. But can we please not create *even more* confusion by bikeshedding over the name itself? --dkg _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
