Re: [TLS] TLS 1.3 -> TLS 2.0?

2016-09-03 Thread Colm MacCárthaigh
On Tue, Aug 30, 2016 at 11:19 AM, Dave Garrett wrote: > I think it's time we just renamed TLS 1.3 to TLS 2.0. +0.7 -- Colm

Re: [TLS] TLS 1.3 -> TLS 2.0?

2016-09-03 Thread Peter Gutmann
Dave Garrett writes: >The HTTP/2 spec explicitly refers to TLS 1.3 and up as not needing the >security restrictions on TLS 1.2 it lays out. Given that LTS fixes all (known) problems in TLS 1.2 and earlier (hey, if you know of weaknesses/attacks, say so now), it doesn't seem like it'd need any ex

Re: [TLS] TLS 1.3 -> TLS 2.0?

2016-09-01 Thread Joseph Lorenzo Hall
+1 On Wed, Aug 31, 2016 at 7:05 PM, Richard Barnes wrote: > I am in total agreement with Nick here. "TLS 1.3" accurately describes what > we're doing here, and it's consistent with our past naming scheme. > > There is no upside to changing away from 1.3, and as Nick notes, lots of > potential do

Re: [TLS] TLS 1.3 -> TLS 2.0?

2016-09-01 Thread Yoav Nir
> On 1 Sep 2016, at 6:31 PM, Dave Garrett wrote: > > On Thursday, September 01, 2016 02:05:25 am Judson Wilson wrote: >>> I like TLS/2 aesthetically, and represents a similar level of >>> progress/reset that HTTP saw when it jumped from 1.1 to /2. >> >> What is the slash in the name all about?

Re: [TLS] TLS 1.3 -> TLS 2.0?

2016-09-01 Thread Dave Garrett
On Thursday, September 01, 2016 02:05:25 am Judson Wilson wrote: > > I like TLS/2 aesthetically, and represents a similar level of > > progress/reset that HTTP saw when it jumped from 1.1 to /2. > > What is the slash in the name all about? Is it simply playing off the HTTP > start line specificati

Re: [TLS] TLS 1.3 -> TLS 2.0?

2016-09-01 Thread Adam Caudill
> On Aug 31, 2016, at 10:01 PM, Eric Mill wrote: > > > FWIW, I've definitely seen real-world confusion about SSLv3 being a more > recent protocol than TLS 1.X, by organizations that should know better. If > there's interest and consensus, this could be a good opportunity to reset the > situat

Re: [TLS] TLS 1.3 -> TLS 2.0?

2016-08-31 Thread Judson Wilson
> > FWIW, I've definitely seen real-world confusion about SSLv3 being a more > recent protocol than TLS 1.X, by organizations that should know better. If > there's interest and consensus, this could be a good opportunity to reset > the situation with TLS/2 or TLS 4.0. > > I like TLS/2 aesthetically

Re: [TLS] TLS 1.3 -> TLS 2.0?

2016-08-31 Thread Eric Mill
On Wed, Aug 31, 2016 at 7:05 PM, Richard Barnes wrote: > I am in total agreement with Nick here. "TLS 1.3" accurately describes > what we're doing here, and it's consistent with our past naming scheme. > > There is no upside to changing away from 1.3, and as Nick notes, lots of > potential downs

Re: [TLS] TLS 1.3 -> TLS 2.0?

2016-08-31 Thread Dave Garrett
On Wednesday, August 31, 2016 06:42:28 pm Erik Nygren wrote: > Is it worth having a poll (hate it, neutral, love it) on options to judge > preference > It seems like options are (I may have missed some): > > - TLS 1.3 (ie, the default if we do nothing) > - TLS 2.0 > - TLS 2 > - TLS/2 > - TLS 4.0

Re: [TLS] TLS 1.3 -> TLS 2.0?

2016-08-31 Thread Richard Barnes
I am in total agreement with Nick here. "TLS 1.3" accurately describes what we're doing here, and it's consistent with our past naming scheme. There is no upside to changing away from 1.3, and as Nick notes, lots of potential downside. --Richard On Wednesday, August 31, 2016, Nick Sullivan wro

Re: [TLS] TLS 1.3 -> TLS 2.0?

2016-08-31 Thread Dave Garrett
On Wednesday, August 31, 2016 06:35:13 pm Nick Sullivan wrote: > I am reluctant to endorse a name change from TLS 1.3 to TLS 2.0. I was too, until we created a new cipher suite negotiation incompatible with previous versions. > I see a few immediate issues with the proposal: > - it causes confus

Re: [TLS] TLS 1.3 -> TLS 2.0?

2016-08-31 Thread Erik Nygren
Is it worth having a poll (hate it, neutral, love it) on options to judge preference It seems like options are (I may have missed some): - TLS 1.3 (ie, the default if we do nothing) - TLS 2.0 - TLS 2 - TLS/2 - TLS 4.0 - TLS/4 - TLS 4 - TLS 34 On the topic of "what does this re-open", I'm not con

Re: [TLS] TLS 1.3 -> TLS 2.0?

2016-08-31 Thread Nick Sullivan
I am reluctant to endorse a name change from TLS 1.3 to TLS 2.0. I see a few immediate issues with the proposal: - it causes confusion with SSL 2.0 - it implies wire incompatibility with TLS 1.2 - it suggests there will be a forthcoming TLS 2.1 with only minor changes If we're dead set on bumping

Re: [TLS] TLS 1.3 -> TLS 2.0

2016-08-31 Thread Dave Garrett
I've updated my WIP based on feedback and submitted it as a PR here: https://github.com/tlswg/tls13-spec/pull/612 If anyone else catches another spot that needs some updating, please comment on the PR. As this is a rather notable change, I do propose this remain open for discussion for at least

Re: [TLS] TLS 1.3 -> TLS 2.0?

2016-08-31 Thread Bill Frantz
We could call it TLS 3.4 which would match the internal ID. :-) BTW, I think using something other than 1.3 is a good idea. Cheers - Bill

Re: [TLS] TLS 1.3 -> TLS 2.0?

2016-08-31 Thread Dave Garrett
(replies to 4 separate but related posts, below) On Wednesday, August 31, 2016 03:52:44 am Peter Gutmann wrote: > Julien ÉLIE writes: > >Considering that possible change, wouldn't it be useful to go on working on > >draft-gutmann-tls-lts-05, and consider TLS-LTS not as a TLS extension but as > >a

Re: [TLS] TLS 1.3 -> TLS 2.0?

2016-08-31 Thread Yoav Nir
> On 31 Aug 2016, at 8:28 PM, Andrei Popov wrote: > >> No they don’t always look at the 16-bit field (although they might), but >> they look at you funny when you tell them that 1.0 > 3.0 and that you should >> totally disable 3.0 and prefer to use 1.2 instead. > :) True, but when this happens

Re: [TLS] TLS 1.3 -> TLS 2.0?

2016-08-31 Thread Andrei Popov
, for that matter). -Original Message- From: TLS [mailto:tls-boun...@ietf.org] On Behalf Of Yoav Nir Sent: Wednesday, August 31, 2016 7:55 AM To: Daniel Kahn Gillmor Cc: Subject: Re: [TLS] TLS 1.3 -> TLS 2.0? > On 31 Aug 2016, at 12:21 AM, Daniel Kahn Gillmor > wrote: > >

Re: [TLS] TLS 1.3 -> TLS 2.0?

2016-08-31 Thread Brian Sniffen
Erik Nygren writes: > I'm also very supportive for the reasons you outline. > > However, I think we should consider calling it TLS 4 or TLS 4.0 or TLS 5. > > In particular, much of the non-technical audience still calls it "SSL" (pet > peeve of many of us, I suspect) and having a version number c

Re: [TLS] TLS 1.3 -> TLS 2.0?

2016-08-31 Thread =JeffH
+10k Rich Salz responded: > DKG proposed: >> https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml >> doesn't have a "TLS version" registry. Would it be simpler to have IANA >> create that and just populate it with: >> >>Value | Description | Reference >>--+---

Re: [TLS] TLS 1.3 -> TLS 2.0?

2016-08-31 Thread Yoav Nir
> On 31 Aug 2016, at 12:21 AM, Daniel Kahn Gillmor > wrote: > > On Tue 2016-08-30 16:14:06 -0400, Hubert Kario wrote: >> On Tuesday, 30 August 2016 14:19:33 CEST Dave Garrett wrote: >>> * Keep the version ID as { 3, 4 } (already weird counting; changing risks >>> more intolerance) >> >> IMNSHO

Re: [TLS] TLS 1.3 -> TLS 2.0?

2016-08-31 Thread Salz, Rich
> https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml > doesn't have a "TLS version" registry. Would it be simpler to have IANA > create that and just populate it with: > > Value | Description | Reference > --+-+-- >0x30 |SSLv3| RFC 6101, R

Re: [TLS] TLS 1.3 -> TLS 2.0?

2016-08-31 Thread Daniel Kahn Gillmor
On Tue 2016-08-30 16:14:06 -0400, Hubert Kario wrote: > On Tuesday, 30 August 2016 14:19:33 CEST Dave Garrett wrote: >> * Keep the version ID as { 3, 4 } (already weird counting; changing risks >> more intolerance) > > IMNSHO this alone is enough of a reason not to do this > > it's enough explaini

Re: [TLS] TLS 1.3 -> TLS 2.0?

2016-08-31 Thread Hubert Kario
On Wednesday, 31 August 2016 09:35:47 CEST Xiaoyin Liu wrote: > > From: Hubert Kario [mailto:hka...@redhat.com] > > Sent: Wednesday, August 31, 2016 4:48 AM > > To: Xiaoyin Liu > > Cc: tls@ietf.org > > Subject: Re: [TLS] TLS 1.3 -> TLS 2.0? > > >

Re: [TLS] TLS 1.3 -> TLS 2.0?

2016-08-31 Thread Xiaoyin Liu
> From: Hubert Kario [mailto:hka...@redhat.com] > Sent: Wednesday, August 31, 2016 4:48 AM > To: Xiaoyin Liu > Cc: tls@ietf.org > Subject: Re: [TLS] TLS 1.3 -> TLS 2.0? > > On Tuesday, 30 August 2016 22:20:45 CEST Xiaoyin Liu wrote: > > > -Original Message

Re: [TLS] TLS 1.3 -> TLS 2.0?

2016-08-31 Thread Hubert Kario
On Tuesday, 30 August 2016 22:20:45 CEST Xiaoyin Liu wrote: > > -Original Message- > > From: TLS [mailto:tls-boun...@ietf.org] On Behalf Of Hubert Kario > > Sent: Tuesday, August 30, 2016 4:14 PM > > To: tls@ietf.org > > Subject: Re: [TLS] TLS 1.3 -> TLS 2.

Re: [TLS] TLS 1.3 -> TLS 2.0?

2016-08-31 Thread Peter Gutmann
Julien ÉLIE writes: >Considering that possible change, wouldn't it be useful to go on working on >draft-gutmann-tls-lts-05, and consider TLS-LTS not as a TLS extension but as >a real 1.3 version of the 1.x series? If the current 2.0-called-1.3 is renamed to 2.0, I'd be open to calling LTS "1.3",

Re: [TLS] TLS 1.3 -> TLS 2.0?

2016-08-31 Thread Julien ÉLIE
Hi all, I think it's time we just renamed TLS 1.3 to TLS 2.0. There are major changes, so labeling it a major version seems more appropriate. +1 to all of this. As people on the list know, I've been calling it "TLS 2.0-called-1.3" for a long time now. It really is a new protocol rather than

Re: [TLS] TLS 1.3 -> TLS 2.0?

2016-08-30 Thread Peter Gutmann
Dave Garrett writes: >I think it's time we just renamed TLS 1.3 to TLS 2.0. There are major >changes, so labeling it a major version seems more appropriate. > >[...] +1 to all of this. As people on the list know, I've been calling it "TLS 2.0-called-1.3" for a long time now. It really is a ne

Re: [TLS] TLS 1.3 -> TLS 2.0?

2016-08-30 Thread Nikos Mavrogiannopoulos
On Tue, 2016-08-30 at 14:19 -0400, Dave Garrett wrote: > I occasionally see people ask why we're calling it TLS 1.3 when so > much has changed, and I used to simply think that it was too > bikesheddy to bother changing at this point. However, now that we've > redone negotiation, we have new TLS 1.3

Re: [TLS] TLS 1.3 -> TLS 2.0?

2016-08-30 Thread Xiaoyin Liu
> -Original Message- > From: TLS [mailto:tls-boun...@ietf.org] On Behalf Of Hubert Kario > Sent: Tuesday, August 30, 2016 4:14 PM > To: tls@ietf.org > Subject: Re: [TLS] TLS 1.3 -> TLS 2.0? > > On Tuesday, 30 August 2016 14:19:33 CEST Dave Garrett wrote: > >

Re: [TLS] TLS 1.3 -> TLS 2.0?

2016-08-30 Thread Rob Stradling
On 30/08/16 21:14, Hubert Kario wrote: On Tuesday, 30 August 2016 14:19:33 CEST Dave Garrett wrote: * Keep the version ID as { 3, 4 } (already weird counting; changing risks more intolerance) IMNSHO this alone is enough of a reason not to do this it's enough explaining to people that SSLv3.3

Re: [TLS] TLS 1.3 -> TLS 2.0?

2016-08-30 Thread Erik Nygren
I'm also very supportive for the reasons you outline. However, I think we should consider calling it TLS 4 or TLS 4.0 or TLS 5. In particular, much of the non-technical audience still calls it "SSL" (pet peeve of many of us, I suspect) and having a version number clearly greater than SSLv3 and no

Re: [TLS] TLS 1.3 -> TLS 2.0?

2016-08-30 Thread Hubert Kario
On Tuesday, 30 August 2016 14:19:33 CEST Dave Garrett wrote: > * Keep the version ID as { 3, 4 } (already weird counting; changing risks > more intolerance) IMNSHO this alone is enough of a reason not to do this it's enough explaining to people that SSLv3.3 is really TLSv1.2, now we'll have SSL

Re: [TLS] TLS 1.3 -> TLS 2.0?

2016-08-30 Thread Dave Garrett
On Tuesday, August 30, 2016 02:36:51 pm Xiaoyin Liu wrote: > I support this change as long as there is no technical change (version ID > remains 0x0304). To reiterate, I am also against changing the version ID. However, I do think it's worth updating the context string version number, otherwise

Re: [TLS] TLS 1.3 -> TLS 2.0?

2016-08-30 Thread Xiaoyin Liu
I support this change as long as there is no technical change (version ID remains 0x0304). Best, Xiaoyin From: Dave Garrett Sent: Tuesday, August 30, 2016 2:19 PM To: tls@ietf.org Subject: [TLS] TLS 1.3 -> TLS 2.0? I occasionally see peop

Re: [TLS] TLS 1.3 -> TLS 2.0?

2016-08-30 Thread Andrei Popov
This proposal makes a lot of sense to me. I've had numerous conversations explaining to folks that TLS 1.3 is really TLS 2.0. Cheers, Andrei -Original Message- From: TLS [mailto:tls-boun...@ietf.org] On Behalf Of Dave Garrett Sent: Tuesday, August 30, 2016 11:20 AM To: tls@ietf.org Subj