+1 with Andrei. "That SSL should never be used" is the one clear message we have so going back to SSL would muddy those waters too much. Strong vote for staying with TLS. It will become better known over time- especially with the current enterprise push to deprecate all SSL versions from use. Regarding the numbering schema, someone recently mentioned that probably only a few hundred of us are aware of the TLS 1.3 nomenclature at this point and I would concur with that. So, after considering all of the good points that have been circulating, I would like to change my vote to TLS 2017. It provides clarity, recognizes that it is a major change and pulls us out of the whole SSL/TLS numbering confusion/quagmire.
Darin From: Andrei Popov <andrei.po...@microsoft.com> To: Daniel Kahn Gillmor <d...@fifthhorseman.net>, Peter Gutmann <pgut...@cs.auckland.ac.nz>, Stephen Farrell <stephen.farr...@cs.tcd.ie>, David Benjamin <david...@chromium.org>, Tony Arcieri <basc...@gmail.com>, "<tls@ietf.org>" <tls@ietf.org> Date: 12/02/2016 12:34 PM Subject: Re: [TLS] Confirming consensus: TLS1.3->TLS* Sent by: "TLS" <tls-boun...@ietf.org> Indeed, "all known versions of SSL are broken and should never be used" is what I've been telling people for a while now... -----Original Message----- From: TLS [mailto:tls-boun...@ietf.org] On Behalf Of Daniel Kahn Gillmor Sent: Friday, December 2, 2016 6:36 AM To: Peter Gutmann <pgut...@cs.auckland.ac.nz>; Stephen Farrell <stephen.farr...@cs.tcd.ie>; David Benjamin <david...@chromium.org>; Tony Arcieri <basc...@gmail.com>; <tls@ietf.org> <tls@ietf.org> Subject: Re: [TLS] Confirming consensus: TLS1.3->TLS* On Fri 2016-12-02 03:33:21 -0500, Peter Gutmann wrote: > If no-one from Microsoft has any objections, can we just rename it > back to what it's always been for everyone but us, SSL? fwiw, the industry (and stackexchange) uses "SSL" to mean all sorts of things, not only TLS. Yesterday i got an e-mail from a reputable CA reseller that said "Your SSL is expiring in two days! Buy a new SSL now!" Surely no one is proposing that we also re-name the X.509 certificate format to "SSL" just because vendors whose business models revolve around these products are confused about terminology. What else should we rename to "SSL" on that basis? Maybe a load-balancer is also "SSL"! Here's a useful and effective meme for convincing bosses that it's ok to turn off SSLv3: all known versions of SSL are broken and should never be used. Please do not break this meme by trying to rename TLS to SSL. I don't care about the bikeshed over the number: i'd be fine with any of TLS 1.3 or TLS 4 or TLS 2017. But can we please not create *even more* confusion by bikeshedding over the name itself? --dkg _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls U.S. BANCORP made the following annotations --------------------------------------------------------------------- Electronic Privacy Notice. This e-mail, and any attachments, contains information that is, or may be, covered by electronic communications privacy laws, and is also confidential and proprietary in nature. If you are not the intended recipient, please be advised that you are legally prohibited from retaining, using, copying, distributing, or otherwise disclosing this information in any manner. Instead, please reply to the sender that you have received this communication in error, and then immediately delete it. Thank you in advance for your cooperation. ---------------------------------------------------------------------
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
