Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-12-02 Thread Tony Arcieri
On Fri, Dec 2, 2016 at 7:57 PM, Scott Schmit wrote: > This draft has been in development since April 2014, 2.6 years ago. > Over that time, the wire protocol has changed multiple times and > incompatibly. So not even all of that 2.6 years of details is still > applicable to the protocol we're go

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-12-02 Thread Scott Schmit
On Fri, Dec 02, 2016 at 03:35:00AM +, David Benjamin wrote: > I think TLS 4 makes everything worse, not better. > > In hindsight, renaming SSL 3.1 was a terrible mistake. But TLS 1.2 is going > to exist for a long time. If we call the next one 4, we have to explain a > gap in the versioning (1

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-12-02 Thread Scott Schmit
On Fri, Dec 02, 2016 at 02:16:16PM -0800, Tony Arcieri wrote: > On Fri, Dec 2, 2016 at 1:21 PM, Peter Gutmann > wrote: > > > The change was proposed long ago, and deferred by the chairs until now. > > This > > is just another variant of the inertia argument. > > > You keep dismissing this argum

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-12-02 Thread Viktor Dukhovni
> On Dec 2, 2016, at 10:34 PM, Tony Arcieri wrote: > > The consensus in the room was to leave it as is, i.e., TLS1.3, and to not > rebrand it to TLS 2.0, TLS 2, or TLS 4. We need to confirm this decision on > the list so please let the list know your top choice between: > > - Leave it TLS 1.

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-12-02 Thread Tony Arcieri
On Thu, Nov 17, 2016 at 6:12 PM, Sean Turner wrote: > The consensus in the room was to leave it as is, i.e., TLS1.3, and to not > rebrand it to TLS 2.0, TLS 2, or TLS 4. We need to confirm this decision > on the list so please let the list know your top choice between: > > - Leave it TLS 1.3 > -

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-12-02 Thread Tony Arcieri
On Fri, Dec 2, 2016 at 1:21 PM, Peter Gutmann wrote: > The change was proposed long ago, and deferred by the chairs until now. > This > is just another variant of the inertia argument. You keep dismissing this argument out of hand, but I think it has merit. I think we can all admit the decisio

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-12-02 Thread Peter Gutmann
Viktor Dukhovni writes: >I was with you up to this point, but I do think that going back to SSL is not >a good idea, and takes us off topic. It was just something to throw out there, and to point out that no matter what the WG calls it, the rest of the world will keep calling it SSL. It's been

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-12-02 Thread Peter Gutmann
Maarten Bodewes writes: >The point is we are now indeed on draft 18. Changing the name now is very >problematic because everybody on the mailing list already calls it TLS 1.3, >for a long time and no matter what you do, a lot of us (who are hopefully the >experts) will keep referring to it under t

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-12-02 Thread Ted Lemon
On Dec 2, 2016, at 4:10 PM, Peter Gutmann wrote: > Ugh, how very geeky, Really? ___ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-12-02 Thread Peter Gutmann
Hubert Kario writes: >speaking of confusion, do you know that e-mail clients by "SSL" mean >"SSL/TLS" and by "TLS" mean "STARTTLS"? (note the port numbers) >https://sils.unc.edu/it-services/email-faq/outlook >https://mail.aegee.org/smtp/kmail.html >https://sils.unc.edu/it-services/my-computer/ema

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-12-02 Thread Patrick McManus
I favor naming the result tls 1.3 - the X in 1.X has effectively become the modern versioning field and we should stick with that road now as the best of a bunch of weak options. -Patrick

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-12-02 Thread Michael D'Errico
Aaron Zauner wrote: (of course I'd opt for SSLv5 just to mess with people). I'm surprised nobody has yet suggested retroactive renaming: SSLv4 == TLS 1.0 SSLv5 == TLS 1.1 SSLv6 == TLS 1.2 SSLv7 == TLS 1.3 Mike

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-12-02 Thread Aaron Zauner
* Sean Turner [18/11/2016 03:13:23] wrote: > At IETF 97, the chairs led a discussion to resolve whether the WG should > rebrand TLS1.3 to something else. Slides can be found @ > https://www.ietf.org/proceedings/97/slides/slides-97-tls-rebranding-aka-pr612-01.pdf. > > The consensus in the room

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-12-02 Thread Salz, Rich
> after considering all of the good points that have been circulating, I would > like to change my vote Woah, are you new here? :)

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-12-02 Thread Salz, Rich
> Can’t we borrow one from tictoc? Ever since they merged with NTP, it seems to be lost in a time loop and nobody can find it.

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-12-02 Thread Ackermann, Michael
+2 On removing all references to SSL. From: TLS [mailto:tls-boun...@ietf.org] On Behalf Of darin.pet...@usbank.com Sent: Friday, December 2, 2016 1:55 PM To: Andrei Popov Cc: TLS ; Subject: Re: [TLS] Confirming consensus: TLS1.3->TLS* +1 with Andrei. "That SSL should never be used" is the o

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-12-02 Thread Viktor Dukhovni
> On Dec 2, 2016, at 3:33 AM, Peter Gutmann wrote: > > If no-one from Microsoft has any objections, can we just rename it back to > what it's always been for everyone but us, SSL? I was with you up to this point, but I do think that going back to SSL is not a good idea, and takes us off topic.

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-12-02 Thread darin . pettis
+1 with Andrei. "That SSL should never be used" is the one clear message we have so going back to SSL would muddy those waters too much. Strong vote for staying with TLS. It will become better known over time- especially with the current enterprise push to deprecate all SSL versions from use

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-12-02 Thread Andrei Popov
Indeed, "all known versions of SSL are broken and should never be used" is what I've been telling people for a while now... -Original Message- From: TLS [mailto:tls-boun...@ietf.org] On Behalf Of Daniel Kahn Gillmor Sent: Friday, December 2, 2016 6:36 AM To: Peter Gutmann ; Stephen Farrel

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-12-02 Thread Yoav Nir
> On 2 Dec 2016, at 19:58, David Benjamin wrote: > > (To clarify, I was not at all suggesting we go back to SSL. If we had a time > machine, I might make other suggestions, but as far as I know we do not.) Can’t we borrow one from tictoc?

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-12-02 Thread David Benjamin
(To clarify, I was not at all suggesting we go back to SSL. If we had a time machine, I might make other suggestions, but as far as I know we do not.) On Fri, Dec 2, 2016 at 12:45 PM Andrei Popov wrote: > Not that I can speak for the whole of Microsoft, but I would not drop TLS > support in Wind

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-12-02 Thread Andrei Popov
Not that I can speak for the whole of Microsoft, but I would not drop TLS support in Windows if it were renamed "SSL":). However, "transport layer security" makes a lot more sense to me than "secure sockets layer" because the latter seems to imply network socket-style API, which is not a requir

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-12-02 Thread Hubert Kario
On Friday, 2 December 2016 16:12:05 CET Salz, Rich wrote: > > Here's a useful and effective meme for convincing bosses that it's ok to > > turn off SSLv3: all known versions of SSL are broken and should never be > > used. Please do not break this meme by trying to rename TLS to SSL. > > Is "all kn

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-12-02 Thread Rob Stradling
On 02/12/16 14:53, Thomas Pornin wrote: Commercial CAs tend to sell "SSL certificates", not "TLS certificates" or "SSL/TLS certificates". It's worse than that. Many customers, and even some salespeople, seem to think that we sell "SSLs". -- Rob Stradling Senior Research & Development Scient

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-12-02 Thread Salz, Rich
> Here's a useful and effective meme for convincing bosses that it's ok to turn > off SSLv3: all known versions of SSL are broken and should never be used. > Please do not break this meme by trying to rename TLS to SSL. Is "all known versions before SSL 4" that much worse?

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-12-02 Thread Daniel Kahn Gillmor
On Fri 2016-12-02 03:33:21 -0500, Peter Gutmann wrote: > If no-one from Microsoft has any objections, can we just rename it back to > what it's always been for everyone but us, SSL? fwiw, the industry (and stackexchange) uses "SSL" to mean all sorts of things, not only TLS. Yesterday i got an e-m

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-12-02 Thread Maarten Bodewes
Hi all, The point is we are now indeed on draft 18. Changing the name now is very problematic because everybody on the mailing list already calls it TLS 1.3, for a long time and no matter what you do, a lot of us (who are hopefully the experts) will keep referring to it under that name. If you wan

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-12-02 Thread Ted Lemon
The bottom line is that this is an unanswerable question. My advice is to not change the name, because I think more name changes = more confusion and it is _way_ too late to put TLS back in the box. But what do I know--I'm just an end user! :) On Fri, Dec 2, 2016 at 9:42 AM, Hubert Kario wr

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-12-02 Thread Thomas Pornin
On Fri, Dec 02, 2016 at 02:17:24PM +, Ackermann, Michael wrote: > In Enterprise circles TLS is an unknown acronym and as painful as it > is, we must usually refer to it as SSL, before anyone knows what we > are talking about. Software products are guilty too. Parameter > fields frequently

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-12-02 Thread Hubert Kario
On Friday, 2 December 2016 14:12:38 CET Salz, Rich wrote: > > SSL 2 < SSL 3 < "SSL" 1.0 < "SSL" 1.1 < "SSL" 1.2 < "SSL" 4 is not logical > > ordering > > So? Who cares? A couple-hundred people in the IETF. And the issue is that > SSL 3 < "SSL" 1.0 which is the issue no matter what we call what

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-12-02 Thread Ackermann, Michael
+1 On Ted's comments. In Enterprise circles TLS is an unknown acronym and as painful as it is, we must usually refer to it as SSL, before anyone knows what we are talking about. Software products are guilty too. Parameter fields frequently reference SSL. :( -Original Message---

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-12-02 Thread Salz, Rich
> SSL 2 < SSL 3 < "SSL" 1.0 < "SSL" 1.1 < "SSL" 1.2 < "SSL" 4 is not logical > ordering So? Who cares? A couple-hundred people in the IETF. And the issue is that SSL 3 < "SSL" 1.0 which is the issue no matter what we call what we're doing here. And the quotes around the last SSL do not belo

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-12-02 Thread Hubert Kario
On Friday, 2 December 2016 14:04:36 CET Salz, Rich wrote: > Nobody knows the difference tween 1.0 1.1 1.2 > > SSL 4 or SSL 4.0 is a bigger number than 1.x and uses the same term that > everyone, including our industry, uses. If someone sees "TLS 1.2" and > thinks "wow, that's so much worse than S

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-12-02 Thread Peter Gutmann
"Salz, Rich" writes: People already know that SSL3 is worse than "SSL" 1.0 through 1.2 , it's logical that SSL 1.3 continues that trend. creating "SSL" 4 will bring more confusion. Please explain that assertion. I was going to ask that too, the quoted text seems..., well, gibberish to me.

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-12-02 Thread Hubert Kario
On Friday, 2 December 2016 13:47:20 CET Salz, Rich wrote: > > People already know that SSL3 is worse than "SSL" 1.0 through 1.2 , it's > > logical that SSL 1.3 continues that trend. creating "SSL" 4 will bring > > more confusion. > > Please explain that assertion. SSL 2 < SSL 3 < "SSL" 1.0 < "SSL"

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-12-02 Thread Salz, Rich
Nobody knows the difference tween 1.0 1.1 1.2 SSL 4 or SSL 4.0 is a bigger number than 1.x and uses the same term that everyone, including our industry, uses. If someone sees "TLS 1.2" and thinks "wow, that's so much worse than SSL 4 because the number is so much smaller," then isn't that a go

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-12-02 Thread Ted Lemon
Rich, I don't think there is any explanation that can be given for the assertion without collecting a lot of data. That said, the objection makes sense to me. I certainly think of SSL as poison. Of course, the average Joe on the street doesn't even know what TLS stands for, but the people who

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-12-02 Thread Salz, Rich
> People already know that SSL3 is worse than "SSL" 1.0 through 1.2 , it's > logical > that SSL 1.3 continues that trend. creating "SSL" 4 will bring more confusion. Please explain that assertion. -- Senior Architect, Akamai Technologies Member, OpenSSL Dev Team IM: richs...@jabber.at Twitter:

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-12-02 Thread Hubert Kario
On Friday, 2 December 2016 03:12:41 CET Peter Gutmann wrote: > Tony Arcieri writes: > >There's already ample material out there (papers, presentations, mailing > >list discussions, etc) which talks about "TLS 1.3". > > In other words, the TLS WG and a small number of people who interact with it >

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-12-02 Thread Matt Caswell
On 2 December 2016 at 09:22, Yoav Nir wrote: > >> On 2 Dec 2016, at 10:33, Peter Gutmann wrote: >> >> Stephen Farrell writes: >> >>> IIRC that was sort-of a condition for adoption of the work in the IETF 20 >>> years ago, when there were two different protocols already being deployed >>> and >>

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-12-02 Thread Peter Gutmann
Yoav Nir writes: >The way I’ve heard it “SSL” is a registered trademark owned by Netscape (now >AOL), so we can’t use it unless AOL lawyers sign off on that. It might be >wrong, but if it’s true - good luck with that. http://tmsearch.uspto.gov/bin/showfield?f=toc&state=4810%3Ajoxwrl.1.1&p_search

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-12-02 Thread Yoav Nir
> On 2 Dec 2016, at 10:33, Peter Gutmann wrote: > > Stephen Farrell writes: > >> IIRC that was sort-of a condition for adoption of the work in the IETF 20 >> years ago, when there were two different protocols already being deployed and >> the proponents of one of them said "we'll use that othe

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-12-02 Thread Peter Gutmann
Stephen Farrell writes: >IIRC that was sort-of a condition for adoption of the work in the IETF 20 >years ago, when there were two different protocols already being deployed and >the proponents of one of them said "we'll use that other one (SSL) but you >gotta change the name of the standard or w

Re: [TLS] Confirming consensus: TLS1.3->TLS*

2016-12-02 Thread Stephen Farrell
On 02/12/16 03:35, David Benjamin wrote: > In hindsight, renaming SSL 3.1 was a terrible mistake. IIRC that was sort-of a condition for adoption of the work in the IETF 20 years ago, when there were two different protocols already being deployed and the proponents of one of them said "we'll use