(replies to 4 separate but related posts, below)

On Wednesday, August 31, 2016 03:52:44 am Peter Gutmann wrote:
> Julien ÉLIE <jul...@trigofacile.com> writes:
> >Considering that possible change, wouldn't it be useful to go on working on
> >draft-gutmann-tls-lts-05, and consider TLS-LTS not as a TLS extension but as
> >a real 1.3 version of the 1.x series?
> 
> If the current 2.0-called-1.3 is renamed to 2.0, I'd be open to calling LTS
> "1.3", although I think it's more a 1.2.1 :-).  Its real goal though is to be
> exactly what it says on the label, an LTS version of the TLS 1.x line that can
> be used in devices with long lifecycles that are based on the 1.x family and
> need a best-of-breed version of that.  So LTS would be the final, wrap-up
> version of the 1.x line for people who need, well, an LTS version of the
> protocol.

You can't really do that. The HTTP/2 spec explicitly refers to TLS 1.3 and up 
as not needing the security restrictions on TLS 1.2 it lays out. Any TLS 1.2 
LTS will need to be 1.2.x to deal with old documents citing the draft. (There are
also citations of analysis of TLS 1.3 that reference it.)


On Tuesday, August 30, 2016 05:21:21 pm Daniel Kahn Gillmor wrote:
> https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml
> doesn't have a "TLS version" registry.  Would it be simpler to have IANA
> create that and just populate it with:
> 
>   Value | Description | Reference
>   ------+-------------+----------
>    0x30 |    SSLv3    | RFC 6101, RFC 7568
>    0x31 |   TLSv1.0   | RFC 2246
>    0x32 |   TLSv1.1   | RFC 4346
>    0x33 |   TLSv1.2   | RFC 5246
>    0x34 |    TLSv4    | RFC XXXX

I've already dropped the struct major/minor labels and changed the type to just 
uint8x2 in my draft of this proposal. Explicitly adding a registry to go with 
this sounds good to me.


On Wednesday, August 31, 2016 05:35:47 am Xiaoyin Liu wrote:
> It's normal that people confuse SSLv3 with TLS. SSL 3.0 was a released and 
> widely deployed protocol, and the term "SSL" is still widely used today to 
> refer to TLS.[...]

"Normal" people have no clue what SSL or TLS is. Personally, I say that anyone 
saying "SSL" should be interrupted by saying "SSL is dead, long live TLS". All 
of SSL has been diediedied, so it's a reasonable cutoff point to support 
expectations for the moment, at least. SSL/TLS is a mess of over 20 years of 
stuff; we can't clean it up fully, but we can try to make it a little more 
clear. ;)


On Wednesday, August 31, 2016 04:47:59 am Hubert Kario wrote:
> if the WG really wants a TLSvX.0 name, the X really should be bigger than 3

We can call it TLS-2016 in addition to 2.0, which could help with some people, 
but doing the disjoint versioning thing is not a good idea, IMO (and a fair 
portion of the WG seems to be notably against it). I don't want to do a 
confusing thing to try to mitigate another confusing thing.


Dave

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
