First: where can we see the study that proves people are indeed confused that 
TLS > SSL? I don’t buy into that. Are people really confused after 17 years of 
TLS?

Second: I don’t think that the changes between TLS 1.3 and TLS 1.2 are 
considered major: just look at the difference between HTTP/2 and HTTP/1 - 
those are completely different protocols.

Most of TLS 1.3 could be implemented on top of TLS 1.2 with extensions (the way 
it really looks, if you consider even client_version remains the same).

Third: There was *some* marketing on TLS 1.3, and changing the name now will 
just tell the public the WG is confused and doesn’t know what it’s doing.

I vote for TLS 1.3.


> On 18 Nov 2016, at 10:07, D. J. Bernstein <d...@cr.yp.to> wrote:
> 
> The largest number of users have the least amount of information, and
> they see version numbers as part of various user interfaces. It's clear
> how they will be inclined to guess 3>1.3>1.2>1.1>1.0 (very bad) but
> 4>3>1.2>1.1>1.0 (eliminating the problem as soon as 4 is supported).
> 
> We've all heard anecdotes of 3>1.2>1.1>1.0 disasters. Even if this type
> of disaster happens to only 1% of site administrators, it strikes me as
> more important for security than any of the arguments that have been
> given for "TLS 1.3". So I would prefer "TLS 4".
> 
> Yes, sure, we can try to educate people that TLS>SSL (but then we're
> fighting against tons of TLS=SSL messaging), or educate them to use
> server-testing tools (so that they can fix the problem afterwards---but
> I wonder whether anyone has analyzed the damage caused by running SSLv3
> for a little while before switching the same keys to a newer protocol),
> and hope that this education fights against 3>1.3 more effectively than
> it fought against 3>1.2. But it's better to switch to a less error-prone
> interface that doesn't require additional education in the first place.
> 
> ---Dan
> 
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
