On 2016-11-19 07:35, Victor Vasiliev wrote:
On Fri, Nov 18, 2016 at 9:30 PM, Kazuho Oku wrote:
I oppose to going to TLS 4, due to the following reasons:
* it might give people false notion that SSL 2.0, 3.0 is superior to TLS
On Fri, Nov 18, 2016 at 9:30 PM, Kazuho Oku wrote:
> I oppose to going to TLS 4, due to the following reasons:
>
> * it might give people false notion that SSL 2.0, 3.0 is superior to TLS
> 1.0-1.2
> * if name the new protocol TLS 1.3, 2.0, or 2, then there would be no
>
On Sat, Nov 19, 2016 at 02:41:04AM +, Peter Gutmann wrote:
> Replying to several messages at once to save space:
>
> Ilari Liusvaara:
>
> >One can downnegotiate TLS 1.3 to TLS 1.2.
>
> Ah, you're obviously a fan of Steve Wozniak humour. When someone asked him
> whether it was possible to
All,
This is a working group last call for the "4492bis to Standards Track" draft
available @ http://datatracker.ietf.org/doc/draft-ietf-tls-rfc4492bis/. Please
review the document and send your comments to the list by 9 December 2016.
Note that we are particularly interested in the issue
On Fri, 2016-11-18 at 13:19 -0800, Vlad Krasnov wrote:
> > Well, for example, your website has twice as many mentions of SSL
> > as TLS. Why? Why don't you have a product called "Universal TLS"?
> > The ratio is the same for letsencrypto.org. TLS 1.0 had already
> > existed for more than a
Vlad Krasnov writes:
>Second: I don’t think that the changes between TLS 1.3 and TLS 1.2 are
>considered a major: just look at the difference between HTTP/2 and HTTP/1 -
>those are completely different protocols.
So are TLS 1.x and "1.3". It'd be interesting to hear from
Replying to several messages at once to save space:
Ilari Liusvaara:
>One can downnegotiate TLS 1.3 to TLS 1.2.
Ah, you're obviously a fan of Steve Wozniak humour. When someone asked him
whether it was possible to upgrade from an Apple II+ to an Apple IIe, he
similarly said "yes, you unplug
2016-11-19 7:32 GMT+09:00 Eric Mill:
> It seems like TLS 2 and TLS 2.0 have very little support, so it's really
> just deciding between:
>
> TLS 1.3
> TLS 4 (or maybe 4.0)
>
>
I oppose to going to TLS 4, due to the following reasons:
* it might give people false notion that
I recognize I don't participate on this list very often, but I also agree
with TLS 4.0 and Dan's argument. I teach an undergraduate security course
at Michigan; students have enough trouble keeping track of SSL vs TLS
versions as it is. Jumping to 4.0 allows us to end this versioning debacle
now.
If we decide to move to some numeral higher than 3 to avoid confusion, I
recommend *TLS 4*, but urge people to tell the story of the name in a way
that retains some sense of continuity and logic.
Here's a framing that makes sense:
*TLS 4 is the fourth version of TLS*
This framing will tell a
It seems like TLS 2 and TLS 2.0 have very little support, so it's really
just deciding between:
TLS 1.3
TLS 4 (or maybe 4.0)
I'll just amplify Rich's and djb's points by noting that the cost of
switching away from TLS 1.3 really only affects a very small number of
people -- really just the
>In the end, it's just a label.
And some folks here have tried to explain why labels matter. If you don't find
those arguments compelling, that's fine. But if it's really "just" a label to
you, then I'll assume we've seen your last post on this thread? :)
--
Senior Architect, Akamai
On 18 Nov 2016 21:10, "Peter Gutmann" wrote:
> Which is kind of odd, because the consensus on the list when it was debated
> here a while back was to not call it 1.3.
Some of us stayed quiet for that conversation. I might speculate that it
was because it wasn't a
Hi all,
The consensus in the room was to leave it as is, i.e., TLS1.3, and
to not rebrand it to TLS 2.0, TLS 2, or TLS 4. We need to confirm this
decision on the list so please let the list know your top choice between:
- Leave it TLS 1.3
- Rebrand TLS 2.0
- Rebrand TLS 2
- Rebrand TLS 4
Is
> People changing browser settings? Really?
I was thinking about site admins.
___
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
It is imprinted in people's mind that minor version numbering = small
improvements and compatibility. People for better or worse see a minor
version as minor improvements and often disregard them considering the
effort versus the payout - even if that is a single configuration change.
That's how
> Well, if the result of the confusion would be people *disabling* TLS 1.* in
> favor of SSL 3.0, they would discover very quickly what is TLS, and why no
> major browser works for them.
People changing browser settings? Really?
> Well, for example, your website has twice as many mentions of SSL as TLS.
> Why? Why don't you have a product called "Universal TLS"? The ratio is the
> same for letsencrypto.org. TLS 1.0 had already existed for more than a decade
> before either place existed. BTW, at google, it's 20:1,
> First: where can we see the study that proves people are indeed confused
> that TLS > SSL? I don’t buy into that. Are people really confused after 17
> years of TLS?
Well, for example, your website has twice as many mentions of SSL as TLS. Why?
Why don't you have a product called
+1 for TLS 1.3 anything else is confusing to everybody (the term 'SSL' is
still very common in the layman vocabulary)
That said, if I had to pick a second choice, then TLS4 would be my choice.
Deb Cooley
On Fri, Nov 18, 2016 at 3:26 PM, Joseph Birr-Pixton wrote:
> For what
For what it's worth I would prefer TLS4.
Cheers,
Joe
First: where can we see the study that proves people are indeed confused that
TLS > SSL? I don’t buy into that. Are people really confused after 17 years of
TLS?
Second: I don’t think that the changes between TLS 1.3 and TLS 1.2 are
considered a major: just look at the difference between
The largest number of users have the least amount of information, and
they see version numbers as part of various user interfaces. It's clear
how they will be inclined to guess 3>1.3>1.2>1.1>1.0 (very bad) but
4>3>1.2>1.1>1.0 (eliminating the problem as soon as 4 is supported).
We've all heard
Christian Huitema wrote:
>
> I prefer TLS 1.3, because it signals continuity with the
> ongoing TLS deployment efforts.
As long as the awful hiding of the ContentType information in TLS Records
remains in this protocol, it will *NOT* easily deploy as a replacement
of TLSv1.2.
I'm OK with TLS 4,
I am sick and tired of explaining to doc writers, UI designers, client
admins, and developers that 1.2 >> 2, and this massive overhaul of the
protocol merits more than a minor version bump in order to receive the
public attention and migration effort that it deserves. TLS 2 and TLS 3
also have
I prefer TLS 1.3, because it signals continuity with the ongoing TLS deployment
efforts.
-- Christian Huitema
> On Nov 18, 2016, at 6:47 AM, Ira McDonald wrote:
>
> Hi,
>
> +1 --- keep TLS 1.3
>
> Cheers,
> - Ira
>
>> On Fri, Nov 18, 2016 at 11:16 AM, Hubert Kario
On Friday, 18 November 2016 11:12:48 CET Sean Turner wrote:
> At IETF 97, the chairs led a discussion to resolve whether the WG should
> rebrand TLS1.3 to something else. Slides can be found @
> https://www.ietf.org/proceedings/97/slides/slides-97-tls-rebranding-aka-pr612-01.pdf.
>
> The
On 2016-11-18 16:40, Ilari Liusvaara wrote:
On Fri, Nov 18, 2016 at 01:03:50PM +, Peter Gutmann wrote:
So you're saying that apart from the different algorithms, cipher suites,
messages, message fields, message flow, handshaking, negotiation, extensions,
and crypto, it's practically the
On Fri, Nov 18, 2016 at 7:49 AM, Will Serumgard wrote:
> At this point it is a little late to change. I say stay with TLS1.3. As
> some others pointed out maybe we can make a jump in the next version.
>
Renumbering SSL 3.1 as TLS 1.0 was a mistake in the first place, but
At this point it is a little late to change. I say stay with TLS1.3. As some
others pointed out maybe we can make a jump in the next version.
Will Serumgard
> On Nov 18, 2016, at 7:42 AM, Michael Ströder wrote:
>
>> On 2016-11-18 16:34, Eric Mill wrote:
>> As really a
On 2016-11-18 16:34, Eric Mill wrote:
As really a non-participant in the WG, I don't expect my preference to
count much,
ditto for in my case
but for whatever it's worth, it would be:
TLS 4 > TLS 2 > TLS 1.3 > TLS 2.0
+1
Ciao, Michael.
On Fri, Nov 18, 2016 at 01:03:50PM +, Peter Gutmann wrote:
> Ilari Liusvaara writes:
>
> >I would leave that sort of version changes to really major shifts where the
> >compatibility is completely broken. And TLS 1.3 is not that major change.
>
> So you're saying
On Thu, Nov 17, 2016 at 9:12 PM, Sean Turner wrote:
> At IETF 97, the chairs led a discussion to resolve whether the WG should
> rebrand TLS1.3 to something else. Slides can be found @
> https://www.ietf.org/proceedings/97/slides/slides-97-tls-rebranding-aka-pr612-01.pdf.
>
Renaming was brought up on the list before like Peter said. It was discussed
with at least one chair during an interim, and I was told we'll bring it up
when we're almost done because we don't want to distract the group now. And
I'll attribute Martin's atypical heavy-handed comments to
On Fri, Nov 18, 2016 at 11:12:48AM +0900, Sean Turner wrote:
> At IETF 97, the chairs led a discussion to resolve whether the WG
> should rebrand TLS1.3 to something else. Slides can be found @
> https://www.ietf.org/proceedings/97/slides/slides-97-tls-rebranding-aka-pr612-01.pdf.
>
> The
On Fri, Nov 18, 2016 at 06:42:44PM +0900, Martin Thomson wrote:
> There is no point in re-litigating this decision. The consensus call
> was pretty clear in the room.
My impression was that the list is where rough consensus is
established, and consensus in "the room" does not preempt discussion
On 18 November 2016 at 11:12, Sean Turner wrote:
> - Leave it TLS 1.3
There is no point in re-litigating this decision. The consensus call
was pretty clear in the room.
Perhaps the question would have been better phrased as: "does anyone
have new information that would suggest
Hi,
In section 4.1.2, the latest draft (18) states that a ClientHello sent in
response to a HelloRetryRequest must be identical to the first one except
for addition, modification, and removal of the designated extensions.
To be precise, the draft states:
In that case, the client MUST send