+2 On removing all references to SSL.
From: TLS [mailto:tls-boun...@ietf.org] On Behalf Of darin.pet...@usbank.com Sent: Friday, December 2, 2016 1:55 PM To: Andrei Popov <andrei.po...@microsoft.com> Cc: TLS <tls-boun...@ietf.org>; <tls@ietf.org> <tls@ietf.org> Subject: Re: [TLS] Confirming consensus: TLS1.3->TLS* +1 with Andrei. "That SSL should never be used" is the one clear message we have so going back to SSL would muddy those waters too much. Strong vote for staying with TLS. It will become better known over time- especially with the current enterprise push to deprecate all SSL versions from use. Regarding the numbering schema, someone recently mentioned that probably only a few hundred of us are aware of the TLS 1.3 nomenclature at this point and I would concur with that. So, after considering all of the good points that have been circulating, I would like to change my vote to TLS 2017. It provides clarity, recognizes that it is a major change and pulls us out of the whole SSL/TLS numbering confusion/quagmire. Darin From: Andrei Popov <andrei.po...@microsoft.com<mailto:andrei.po...@microsoft.com>> To: Daniel Kahn Gillmor <d...@fifthhorseman.net<mailto:d...@fifthhorseman.net>>, Peter Gutmann <pgut...@cs.auckland.ac.nz<mailto:pgut...@cs.auckland.ac.nz>>, Stephen Farrell <stephen.farr...@cs.tcd.ie<mailto:stephen.farr...@cs.tcd.ie>>, David Benjamin <david...@chromium.org<mailto:david...@chromium.org>>, Tony Arcieri <basc...@gmail.com<mailto:basc...@gmail.com>>, "<tls@ietf.org<mailto:tls@ietf.org>>" <tls@ietf.org<mailto:tls@ietf.org>> Date: 12/02/2016 12:34 PM Subject: Re: [TLS] Confirming consensus: TLS1.3->TLS* Sent by: "TLS" <tls-boun...@ietf.org<mailto:tls-boun...@ietf.org>> ________________________________ Indeed, "all known versions of SSL are broken and should never be used" is what I've been telling people for a while now... -----Original Message----- From: TLS [mailto:tls-boun...@ietf.org] On Behalf Of Daniel Kahn Gillmor Sent: Friday, December 2, 2016 6:36 AM To: Peter Gutmann <pgut...@cs.auckland.ac.nz<mailto:pgut...@cs.auckland.ac.nz>>; Stephen Farrell <stephen.farr...@cs.tcd.ie<mailto:stephen.farr...@cs.tcd.ie>>; David Benjamin <david...@chromium.org<mailto:david...@chromium.org>>; Tony Arcieri <basc...@gmail.com<mailto:basc...@gmail.com>>; <tls@ietf.org<mailto:tls@ietf.org>> <tls@ietf.org<mailto:tls@ietf.org>> Subject: Re: [TLS] Confirming consensus: TLS1.3->TLS* On Fri 2016-12-02 03:33:21 -0500, Peter Gutmann wrote: > If no-one from Microsoft has any objections, can we just rename it > back to what it's always been for everyone but us, SSL? fwiw, the industry (and stackexchange) uses "SSL" to mean all sorts of things, not only TLS. Yesterday i got an e-mail from a reputable CA reseller that said "Your SSL is expiring in two days! Buy a new SSL now!" Surely no one is proposing that we also re-name the X.509 certificate format to "SSL" just because vendors whose business models revolve around these products are confused about terminology. What else should we rename to "SSL" on that basis? Maybe a load-balancer is also "SSL"! Here's a useful and effective meme for convincing bosses that it's ok to turn off SSLv3: all known versions of SSL are broken and should never be used. Please do not break this meme by trying to rename TLS to SSL. I don't care about the bikeshed over the number: i'd be fine with any of TLS 1.3 or TLS 4 or TLS 2017. But can we please not create *even more* confusion by bikeshedding over the name itself? --dkg _______________________________________________ TLS mailing list TLS@ietf.org<mailto:TLS@ietf.org> https://www.ietf.org/mailman/listinfo/tls U.S. BANCORP made the following annotations --------------------------------------------------------------------- Electronic Privacy Notice. This e-mail, and any attachments, contains information that is, or may be, covered by electronic communications privacy laws, and is also confidential and proprietary in nature. If you are not the intended recipient, please be advised that you are legally prohibited from retaining, using, copying, distributing, or otherwise disclosing this information in any manner. Instead, please reply to the sender that you have received this communication in error, and then immediately delete it. Thank you in advance for your cooperation. --------------------------------------------------------------------- The information contained in this communication is highly confidential and is intended solely for the use of the individual(s) to whom this communication is directed. If you are not the intended recipient, you are hereby notified that any viewing, copying, disclosure or distribution of this information is prohibited. Please notify the sender, by electronic mail or telephone, of any unintended receipt and delete the original message without making any copies. Blue Cross Blue Shield of Michigan and Blue Care Network of Michigan are nonprofit corporations and independent licensees of the Blue Cross and Blue Shield Association.
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
