On Fri, Mar 29, 2024 at 2:59 AM David Benjamin <david...@chromium.org> wrote:

> Regarding renaming, I'm torn. "Group" was a truly horrible rename. The names 
> we pick make their way into APIs and even sometimes UI surfaces for 
> developers. Every time I've plumbed TLS named groups into another system, 
> I've been met with confusion about what in the world a "group" is, and I've 
> had to embarrassingly explain that yes, it is a term of art, short for 
> "Diffie-Hellman group", no, it doesn't even make sense with PQC, and I'm 
> truly very sorry that TLS chose such a needlessly confusing name, but it's 
> the name we've got. Sometimes I just give up on the TLSWG's naming and just 
> say "key exchange" or "key agreement", but that gets a little tricky 
> because that can also mean the left half of a TLS 1.2 cipher suite (ECDHE_RSA 
> / ECDHE_ECDSA / RSA). At one point, we tried "key exchange group" to avoid 
> that, but that's also problematic as one needs to explain to translators that 
> this does not mean "primary trade collection".
>
> This name is bad enough that I needed to make a pre-written explanation for 
> this, so I can save time and link to it every time it comes up.
>
> At the same time, we've already renamed this once. These names we pick make 
> their way everywhere, each rename we do is costly. All the old "curve" APIs 
> had to be doubled up and deprecated in systems, with the old ones forever 
> stuck around. And then some systems (probably correctly) decided to stick 
> with the old "curve" name. Renaming again will add a third, and repeat this 
> costly cycle.

This would be why, in spite of the fact that I dislike the "group"
name, I would lean more to the "no, do not rename" - we already deal
with "group" and "curve" for this and the names are scattered through
APIs and implementations, and we already have to deal with explaining
it's not really a group, and not really a curve, and it was renamed.
IMO renaming this a third time will simply add more such confusion to
this area and make the "explaining" David alludes to above even longer
to add a third case to make people aware of the rough equivalency of
the third name in the saga, since the old names will not go away soon
or easily.

> Had we not renamed, I would say we just keep it at "curves". While "curves" 
> is also wrong for PQC, it is less generic of a name than "group" and, in my 
> experience, reads more clearly as a random term of art. It's a pity that we 
> then changed it to one of the most overloaded words in English imaginable. :-(

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
