On Sat, Nov 19, 2016 at 02:41:04AM +, Peter Gutmann wrote:
> Replying to several messages at once to save space:
>
> Ilari Liusvaara:
>
> >One can downnegotiate TLS 1.3 to TLS 1.2.
>
> Ah, you're obviously a fan of Steve Wozniak humour. When someone asked him
> whether it was possible to up
On 11/18/16 2:18 PM, Martin Thomson wrote:
> In the end, it's just a label.
Well, there are some semantics to it - I think a label
can be more than just a label.
It occurred to me that it's guaranteed that if it's
rebranded as TLS 4 we'll have people showing up with
internet drafts proposing TLS
On Fri, 2016-11-18 at 13:19 -0800, Vlad Krasnov wrote:
> > Well, for example, your website has twice as many mentions of SSL
> > as TLS. Why? Why don't you have a product called "Universal TLS"?
> > The ratio is the same for letsencrypto.org. TLS 1.0 had already
> > existed for more then a decade
Vlad Krasnov writes:
>Second: I don’t think that the changes between TLS 1.3 and TLS 1.2 are
>considered a major: just look at the difference between HTTP/2 and HTTP/1 -
>those are completely different protocols.
So are TLS 1.x and "1.3". It'd be interesting to hear from other implementers
on t
Replying to several messages at once to save space:
Ilari Liusvaara:
>One can downnegotiate TLS 1.3 to TLS 1.2.
Ah, you're obviously a fan of Steve Wozniak humour. When someone asked him
whether it was possible to upgrade from an Apple II+ to an Apple IIe, he
similarly said "yes, you unplug the
2016-11-19 7:32 GMT+09:00 Eric Mill :
> It seems like TLS 2 and TLS 2.0 have very little support, so it's really
> just deciding between:
>
> TLS 1.3
> TLS 4 (or maybe 4.0)
>
>
I oppose to going to TLS 4, due to the following reasons:
* it might give people false notion that SSL 2.0, 3.0 is supe
I recognize I don't participate on this list very often, but I also agree
with TLS 4.0 and Dan's argument. I teach an undergraduate security course
at Michigan; students have enough trouble keeping track of SSL vs TLS
versions as it is. Jumping to 4.0 allows us to end this versioning debacle
now.
If we decide to move to some numeral higher than 3 to avoid confusion, I
recommend *TLS 4*, but urge people to tell the story of the name in a way
that retains some sense of continuity and logic.
Here's a framing that makes sense:
*TLS 4 is the fourth version of TLS*
This framing will tell a posi
It seems like TLS 2 and TLS 2.0 have very little support, so it's really
just deciding between:
TLS 1.3
TLS 4 (or maybe 4.0)
I'll just amplify Rich's and djb's points by noting that the cost of
switching away from TLS 1.3 really only affects a very small number of
people -- really just the people
>In the end, it's just a label.
And some folks here have tried to explain why labels matter. If you don't find
those arguments compelling, that's fine. But if it's really "just" a label to
you, then I'll assume we've seen your last post on this thread? :)
--
Senior Architect, Akamai Techno
On 18 Nov 2016 21:10, "Peter Gutmann" wrote:
> Which is kind of odd, because the consensus on the list when it was
debated
> here a while back was to not call it 1.3.
Some of us stayed quiet for that conversation. I might speculate that it
was because it wasn't a constructive discussion.
In the
Hi all,
The consensus in the room was to leave it as is, i.e., TLS1.3, and
tonot rebrand it to TLS 2.0, TLS 2, or TLS 4. We need to confirm this
decision on the list so please let the list know your top choice between:
- Leave it TLS 1.3
- Rebrand TLS 2.0
- Rebrand TLS 2
- Rebrand TLS 4
Is th
> People changing browser settings? Really?
I was thinking about site admins.
___
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
It is imprinted in people's mind that minor version numbering = small
improvements and compatibility. People for better or worse see a minor
version as minor improvements and often disregard them considering the
effort versus the payout - even if that is a single configuration change.
That's how th
> Well, if the result of the confusion would be people *disabling* TLS 1.* in
> favor of SSL 3.0, they would discover very quickly what is TLS, and why no
> major browser works for them.
People changing browser settings? Really?
___
TLS mailing list
TL
> Well, for example, your website has twice as many mentions of SSL as TLS.
> Why? Why don't you have a product called "Universal TLS"? The ratio is the
> same for letsencrypto.org. TLS 1.0 had already existed for more then a decade
> before either place existed. BTW, at google, it's 20:1, a
> First: where can we see the study that proves people are indeed confused
> that TLS > SSL? I don’t buy into that. Are people really confused after 17
> years
> of TLS?
Well, for example, your website has twice as many mentions of SSL as TLS. Why?
Why don't you have a product called "Univers
+1 for TLS 1.3 anything else is confusing to everybody (the term 'SSL' is
still very common in the layman vocabulary)
That said, if I had to pick a second choice, then TLS4 would be my choice.
Deb Cooley
On Fri, Nov 18, 2016 at 3:26 PM, Joseph Birr-Pixton
wrote:
> For what it's worth I would p
For what it's worth I would prefer TLS4.
Cheers,
Joe
___
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
First: where can we see the study that proves people are indeed confused that
TLS > SSL? I don’t buy into that. Are people really confused after 17 years of
TLS?
Second: I don’t think that the changes between TLS 1.3 and TLS 1.2 are
considered a major: just look at the difference between HTTP/2
The largest number of users have the least amount of information, and
they see version numbers as part of various user interfaces. It's clear
how they will be inclined to guess 3>1.3>1.2>1.1>1.0 (very bad) but
4>3>1.2>1.1>1.0 (eliminating the problem as soon as 4 is supported).
We've all heard ane
Christian Huitema wrote:
>
> I prefer TLS 1.3, because is signals continuity with the
> ongoing TLS deployment efforts.
As long as the awful hiding of the ContentType information in TLS Records
remains in this protocol, it will *NOT* easily deploy as a replacement
of TLSv1.2.
I'm OK with TLS 4,
I am sick and tired of explaining to doc writers, UI designers, client
admins, and developers that 1.2 >> 2, and this massive overhaul of the
protocol merits more than a minor version bump in order to receive the
public attention and migration effort that it deserves. TLS 2 and TLS 3
also have
I prefer TLS 1.3, because is signals continuity with the ongoing TLS deployment
efforts.
-- Christian Huitema
> On Nov 18, 2016, at 6:47 AM, Ira McDonald wrote:
>
> Hi,
>
> +1 --- keep TLS 1.3
>
> Cheers,
> - Ira
>
>> On Fri, Nov 18, 2016 at 11:16 AM, Hubert Kario wrote:
>> On Friday, 18
Hi,
+1 --- keep TLS 1.3
Cheers,
- Ira
On Fri, Nov 18, 2016 at 11:16 AM, Hubert Kario wrote:
> On Friday, 18 November 2016 11:12:48 CET Sean Turner wrote:
> > At IETF 97, the chairs lead a discussion to resolve whether the WG should
> > rebrand TLS1.3 to something else. Slides can be found @
>
On Friday, 18 November 2016 11:12:48 CET Sean Turner wrote:
> At IETF 97, the chairs lead a discussion to resolve whether the WG should
> rebrand TLS1.3 to something else. Slides can be found @
> https://www.ietf.org/proceedings/97/slides/slides-97-tls-rebranding-aka-pr6
> 12-01.pdf.
>
> The cons
On 2016-11-18 16:40, Ilari Liusvaara wrote:
On Fri, Nov 18, 2016 at 01:03:50PM +, Peter Gutmann wrote:
So you're saying that apart from the different algorithms, cipher suites,
messages, message fields, message flow, handshaking, negotiation, extensions,
and crypto, it's practically the same
On Fri, Nov 18, 2016 at 7:49 AM, Will Serumgard
wrote:
> At this point it is a little late to change. I say stay with TLS1.3. As
> some others pointed out maybe we can make a jump in the next version.
>
Renumbering SSL 3.1 as TLS 1.0 was a mistake in the first place, but I
don't believe that cha
At this point it is a little late to change. I say stay with TLS1.3. As some
others pointed out maybe we can make a jump in the next version.
Will Serumgard
> On Nov 18, 2016, at 7:42 AM, Michael Ströder wrote:
>
>> On 2016-11-18 16:34, Eric Mill wrote:
>> As really a non-participant in the
On 2016-11-18 16:34, Eric Mill wrote:
As really a non-participant in the WG, I don't expect my preference to
count much,
dito for in my case
but for whatever it's worth, it would be:
TLS 4 > TLS 2 > TLS 1.3 > TLS 2.0
+1
Ciao, Michael.
___
TLS m
On Fri, Nov 18, 2016 at 01:03:50PM +, Peter Gutmann wrote:
> Ilari Liusvaara writes:
>
> >I would leave that sort of version changes to really major shifts where the
> >compatiblity is completely broken. And TLS 1.3 is not that major change.
>
> So you're saying that apart from the different
On Thu, Nov 17, 2016 at 9:12 PM, Sean Turner wrote:
> At IETF 97, the chairs lead a discussion to resolve whether the WG should
> rebrand TLS1.3 to something else. Slides can be found @
> https://www.ietf.org/proceedings/97/slides/slides-97-tls-
> rebranding-aka-pr612-01.pdf.
>
> The consensus i
Ilari Liusvaara writes:
>I would leave that sort of version changes to really major shifts where the
>compatiblity is completely broken. And TLS 1.3 is not that major change.
So you're saying that apart from the different algorithms, cipher suites,
messages, message fields, message flow, handsha
Renaming was brought up on the list before like Peter said. It was discussed
with at least one chair during an interim, and I was told we'll bring it up
when we're almost done because we don't want to distract the group now. And
I'll attribute Martin's atypical heavy-handed comments to typical
On Fri, Nov 18, 2016 at 11:12:48AM +0900, Sean Turner wrote:
> At IETF 97, the chairs lead a discussion to resolve whether the WG
> should rebrand TLS1.3 to something else. Slides can be found @
> https://www.ietf.org/proceedings/97/slides/slides-97-tls-rebranding-aka-pr612-01.pdf.
>
> The consen
On Fri, Nov 18, 2016 at 06:42:44PM +0900, Martin Thomson wrote:
> There is no point in re-litigating this decision. The consensus call
> was pretty clear in the room.
My impression was that the list is where rough consensus is
established, and consensus in "the room" does not preempt discussion
Sean Turner writes:
>The consensus in the room was to leave it as is, i.e., TLS1.3, and to not
>rebrand it to TLS 2.0, TLS 2, or TLS 4.
Which is kind of odd, because the consensus on the list when it was debated
here a while back was to not call it 1.3. It definitely shouldn't be 1.3
because it
On 18 November 2016 at 11:12, Sean Turner wrote:
> - Leave it TLS 1.3
There is no point in re-litigating this decision. The consensus call
was pretty clear in the room.
Perhaps the question would have been better phrased as: "does anyone
have new information that would suggest those present at
On Thursday, November 17, 2016 09:12:48 pm Sean Turner wrote:
> The consensus in the room was to leave it as is, i.e., TLS1.3, and to not
> rebrand it to TLS 2.0, TLS 2, or TLS 4. We need to confirm this decision on
> the list so please let the list know your top choice between:
>
> - Leave it
I already hummed in the room, but I think it should stay as TLS 1.3. Either
of TLS 2 or TLS 4 makes the SSL/TLS silliness worse. One matches SSL 2.0
and the other just makes all this weirder. (Do we really want 2.0 < 3.0 <
1.0 < 1.1 < 1.2 < 4?)
TLS 1.3 is the natural next number and doesn't make a
On Fri, Nov 18, 2016 at 11:12:48AM +0900, Sean Turner wrote:
> At IETF 97, the chairs lead a discussion to resolve whether the WG should
> rebrand TLS1.3 to something else. Slides can be found @
> https://www.ietf.org/proceedings/97/slides/slides-97-tls-rebranding-aka-pr612-01.pdf.
>
> The conse
I am a big fan of leaving it as TLS 1.3.
It feels more like evolution than revolution, even with the addition of
0-RTT. I would like to see a future TLS 2.0, but one that makes fundamental
changes which didn't make the cut for 1.3, e.g. moving to OPTLS.
--
Tony Arcieri
__
I prefer TLS 1.3 but am also fine with TLS 4.
On Fri, Nov 18, 2016 at 11:12 AM, Sean Turner wrote:
> At IETF 97, the chairs lead a discussion to resolve whether the WG should
> rebrand TLS1.3 to something else. Slides can be found @
> https://www.ietf.org/proceedings/97/slides/slides-
> 97-tls-
I also prefer TLS 4 but am fine with TLS 1.3
- Erik
On Nov 17, 2016 9:41 PM, "Yoav Nir" wrote:
> Bleh. Can’t we get AOL to release the SSL trademark so that we can call it
> SSLv4?
>
> I hummed for TLS 4, so I’ll stay consistent: TLS 4.
>
> Yoav
>
> > On 18 Nov 2016, at 11:12, Sean Turner wr
Bleh. Can’t we get AOL to release the SSL trademark so that we can call it
SSLv4?
I hummed for TLS 4, so I’ll stay consistent: TLS 4.
Yoav
> On 18 Nov 2016, at 11:12, Sean Turner wrote:
>
> At IETF 97, the chairs lead a discussion to resolve whether the WG should
> rebrand TLS1.3 to somethi
101 - 145 of 145 matches
Mail list logo