Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-11-18 Thread Anders Rundgren
On 2016-11-19 07:35, Victor Vasiliev wrote: On Fri, Nov 18, 2016 at 9:30 PM, Kazuho Oku wrote: I oppose to going to TLS 4, due to the following reasons: * it might give people false notion that SSL 2.0, 3.0 is superior to TLS

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-11-18 Thread Victor Vasiliev
On Fri, Nov 18, 2016 at 9:30 PM, Kazuho Oku wrote: > I oppose to going to TLS 4, due to the following reasons: > > * it might give people false notion that SSL 2.0, 3.0 is superior to TLS > 1.0-1.2 > * if name the new protocol TLS 1.3, 2.0, or 2, then there would be no >

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-11-18 Thread Ilari Liusvaara
On Sat, Nov 19, 2016 at 02:41:04AM +, Peter Gutmann wrote: > Replying to several messages at once to save space: > > Ilari Liusvaara: > > >One can downnegotiate TLS 1.3 to TLS 1.2. > > Ah, you're obviously a fan of Steve Wozniak humour. When someone asked him > whether it was possible to

[TLS] WGLC for draft-ietf-tls-rfc4492bis

2016-11-18 Thread Sean Turner
All, This is a working group last call for the "4492bis to Standards Track" draft available @ http://datatracker.ietf.org/doc/draft-ietf-tls-rfc4492bis/. Please review the document and send your comments to the list by 9 December 2016. Note that we are particularly interested in the issue

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-11-18 Thread David Woodhouse
On Fri, 2016-11-18 at 13:19 -0800, Vlad Krasnov wrote: > > Well, for example, your website has twice as many mentions of SSL > > as TLS.  Why?  Why don't you have a product called "Universal TLS"? > > The ratio is the same for letsencrypto.org. TLS 1.0 had already > > existed for more than a

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-11-18 Thread Peter Gutmann
Vlad Krasnov writes: >Second: I don’t think that the changes between TLS 1.3 and TLS 1.2 are >considered a major: just look at the difference between HTTP/2 and HTTP/1 - >those are completely different protocols. So are TLS 1.x and "1.3". It'd be interesting to hear from

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-11-18 Thread Peter Gutmann
Replying to several messages at once to save space: Ilari Liusvaara: >One can downnegotiate TLS 1.3 to TLS 1.2. Ah, you're obviously a fan of Steve Wozniak humour. When someone asked him whether it was possible to upgrade from an Apple II+ to an Apple IIe, he similarly said "yes, you unplug

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-11-18 Thread Kazuho Oku
2016-11-19 7:32 GMT+09:00 Eric Mill: > It seems like TLS 2 and TLS 2.0 have very little support, so it's really > just deciding between: > > TLS 1.3 > TLS 4 (or maybe 4.0) > > I oppose to going to TLS 4, due to the following reasons: * it might give people false notion that

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-11-18 Thread David Adrian
I recognize I don't participate on this list very often, but I also agree with TLS 4.0 and Dan's argument. I teach an undergraduate security course at Michigan; students have enough trouble keeping track of SSL vs TLS versions as it is. Jumping to 4.0 allows us to end this versioning debacle now.

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-11-18 Thread Nick Sullivan
If we decide to move to some numeral higher than 3 to avoid confusion, I recommend *TLS 4*, but urge people to tell the story of the name in a way that retains some sense of continuity and logic. Here's a framing that makes sense: *TLS 4 is the fourth version of TLS* This framing will tell a

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-11-18 Thread Eric Mill
It seems like TLS 2 and TLS 2.0 have very little support, so it's really just deciding between: TLS 1.3 TLS 4 (or maybe 4.0) I'll just amplify Rich's and djb's points by noting that the cost of switching away from TLS 1.3 really only affects a very small number of people -- really just the

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-11-18 Thread Salz, Rich
>In the end, it's just a label. And some folks here have tried to explain why labels matter. If you don't find those arguments compelling, that's fine. But if it's really "just" a label to you, then I'll assume we've seen your last post on this thread? :) -- Senior Architect, Akamai

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-11-18 Thread Martin Thomson
On 18 Nov 2016 21:10, "Peter Gutmann" wrote: > Which is kind of odd, because the consensus on the list when it was debated > here a while back was to not call it 1.3. Some of us stayed quiet for that conversation. I might speculate that it was because it wasn't a

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-11-18 Thread Julien ÉLIE
Hi all, The consensus in the room was to leave it as is, i.e., TLS1.3, and to not rebrand it to TLS 2.0, TLS 2, or TLS 4. We need to confirm this decision on the list so please let the list know your top choice between: - Leave it TLS 1.3 - Rebrand TLS 2.0 - Rebrand TLS 2 - Rebrand TLS 4 Is

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-11-18 Thread Vlad Krasnov
> People changing browser settings? Really? I was thinking about site admins.

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-11-18 Thread Eftychios Theodorakis
It is imprinted in people's mind that minor version numbering = small improvements and compatibility. People for better or worse see a minor version as minor improvements and often disregard them considering the effort versus the payout - even if that is a single configuration change. That's how

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-11-18 Thread Salz, Rich
> Well, if the result of the confusion would be people *disabling* TLS 1.* in > favor of SSL 3.0, they would discover very quickly what is TLS, and why no > major browser works for them. People changing browser settings? Really?

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-11-18 Thread Vlad Krasnov
> Well, for example, your website has twice as many mentions of SSL as TLS. > Why? Why don't you have a product called "Universal TLS"? The ratio is the > same for letsencrypto.org. TLS 1.0 had already existed for more than a decade > before either place existed. BTW, at google, it's 20:1,

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-11-18 Thread Salz, Rich
> First: where can we see the study that proves people are indeed confused > that TLS > SSL? I don’t buy into that. Are people really confused after 17 > years > of TLS? Well, for example, your website has twice as many mentions of SSL as TLS. Why? Why don't you have a product called

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-11-18 Thread Deb Cooley
+1 for TLS 1.3 anything else is confusing to everybody (the term 'SSL' is still very common in the layman vocabulary) That said, if I had to pick a second choice, then TLS4 would be my choice. Deb Cooley On Fri, Nov 18, 2016 at 3:26 PM, Joseph Birr-Pixton wrote: > For what

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-11-18 Thread Joseph Birr-Pixton
For what it's worth I would prefer TLS4. Cheers, Joe

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-11-18 Thread Vlad Krasnov
First: where can we see the study that proves people are indeed confused that TLS > SSL? I don’t buy into that. Are people really confused after 17 years of TLS? Second: I don’t think that the changes between TLS 1.3 and TLS 1.2 are considered a major: just look at the difference between

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-11-18 Thread D. J. Bernstein
The largest number of users have the least amount of information, and they see version numbers as part of various user interfaces. It's clear how they will be inclined to guess 3>1.3>1.2>1.1>1.0 (very bad) but 4>3>1.2>1.1>1.0 (eliminating the problem as soon as 4 is supported). We've all heard

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-11-18 Thread Martin Rex
Christian Huitema wrote: > > I prefer TLS 1.3, because it signals continuity with the > ongoing TLS deployment efforts. As long as the awful hiding of the ContentType information in TLS Records remains in this protocol, it will *NOT* easily deploy as a replacement of TLSv1.2. I'm OK with TLS 4,

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-11-18 Thread Dave Kern
I am sick and tired of explaining to doc writers, UI designers, client admins, and developers that 1.2 >> 2, and this massive overhaul of the protocol merits more than a minor version bump in order to receive the public attention and migration effort that it deserves. TLS 2 and TLS 3 also have

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-11-18 Thread Christian Huitema
I prefer TLS 1.3, because it signals continuity with the ongoing TLS deployment efforts. -- Christian Huitema > On Nov 18, 2016, at 6:47 AM, Ira McDonald wrote: > > Hi, > > +1 --- keep TLS 1.3 > > Cheers, > - Ira > >> On Fri, Nov 18, 2016 at 11:16 AM, Hubert Kario

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-11-18 Thread Hubert Kario
On Friday, 18 November 2016 11:12:48 CET Sean Turner wrote: > At IETF 97, the chairs led a discussion to resolve whether the WG should > rebrand TLS1.3 to something else. Slides can be found @ > https://www.ietf.org/proceedings/97/slides/slides-97-tls-rebranding-aka-pr612-01.pdf. > > The

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-11-18 Thread Henrick Hellström
On 2016-11-18 16:40, Ilari Liusvaara wrote: On Fri, Nov 18, 2016 at 01:03:50PM +, Peter Gutmann wrote: So you're saying that apart from the different algorithms, cipher suites, messages, message fields, message flow, handshaking, negotiation, extensions, and crypto, it's practically the

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-11-18 Thread Adam Langley
On Fri, Nov 18, 2016 at 7:49 AM, Will Serumgard wrote: > At this point it is a little late to change. I say stay with TLS1.3. As > some others pointed out maybe we can make a jump in the next version. > Renumbering SSL 3.1 as TLS 1.0 was a mistake in the first place, but

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-11-18 Thread Will Serumgard
At this point it is a little late to change. I say stay with TLS1.3. As some others pointed out maybe we can make a jump in the next version. Will Serumgard > On Nov 18, 2016, at 7:42 AM, Michael Ströder wrote: > >> On 2016-11-18 16:34, Eric Mill wrote: >> As really a

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-11-18 Thread Michael Ströder
On 2016-11-18 16:34, Eric Mill wrote: As really a non-participant in the WG, I don't expect my preference to count much, ditto for in my case but for whatever it's worth, it would be: TLS 4 > TLS 2 > TLS 1.3 > TLS 2.0 +1 Ciao, Michael.

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-11-18 Thread Ilari Liusvaara
On Fri, Nov 18, 2016 at 01:03:50PM +, Peter Gutmann wrote: > Ilari Liusvaara writes: > > >I would leave that sort of version changes to really major shifts where the > >compatibility is completely broken. And TLS 1.3 is not that major change. > > So you're saying

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-11-18 Thread Eric Mill
On Thu, Nov 17, 2016 at 9:12 PM, Sean Turner wrote: > At IETF 97, the chairs led a discussion to resolve whether the WG should > rebrand TLS1.3 to something else. Slides can be found @ > https://www.ietf.org/proceedings/97/slides/slides-97-tls-rebranding-aka-pr612-01.pdf. >

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-11-18 Thread Salz, Rich
Renaming was brought up on the list before like Peter said. It was discussed with at least one chair during an interim, and I was told we'll bring it up when we're almost done because we don't want to distract the group now. And I'll attribute Martin's atypical heavy-handed comments to

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-11-18 Thread Ilari Liusvaara
On Fri, Nov 18, 2016 at 11:12:48AM +0900, Sean Turner wrote: > At IETF 97, the chairs led a discussion to resolve whether the WG > should rebrand TLS1.3 to something else. Slides can be found @ > https://www.ietf.org/proceedings/97/slides/slides-97-tls-rebranding-aka-pr612-01.pdf. > > The

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-11-18 Thread Viktor Dukhovni
On Fri, Nov 18, 2016 at 06:42:44PM +0900, Martin Thomson wrote: > There is no point in re-litigating this decision. The consensus call > was pretty clear in the room. My impression was that the list is where rough consensus is established, and consensus in "the room" does not preempt discussion

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-11-18 Thread Martin Thomson
On 18 November 2016 at 11:12, Sean Turner wrote: > - Leave it TLS 1.3 There is no point in re-litigating this decision. The consensus call was pretty clear in the room. Perhaps the question would have been better phrased as: "does anyone have new information that would suggest

[TLS] Verifying the second HelloRequest in TLS 1.3

2016-11-18 Thread Kazuho Oku
Hi, In section 4.1.2, the latest draft (18) states that a ClientHello sent in response to a HelloRetryRequest must be identical to the first one except for addition, modification, and removal of the designated extensions. To be precise, the draft states: In that case, the client MUST send