Re: [TLS] TLS 1.3 -> TLS 2.0?

Adam Caudill <adam@adamcaudill.com> Thu, 01 September 2016 09:03 UTC

From: Adam Caudill <adam@adamcaudill.com>
In-Reply-To: <CANBOYLVNpJWRJJ4CD6=Hm2wwPxNkKZqZ==9O6qwqcU+Zu8nN-A@mail.gmail.com>
Date: Thu, 1 Sep 2016 05:03:30 -0400
Message-Id: <A9BE82B7-581E-486E-9CBE-B6F002AF20BE@adamcaudill.com>
References: <3453142.248EJ6K14H@pintsize.usersys.redhat.com> <r470Ps-10116i-CEC3CA8865CF43238F20CDDF8386D067@Williams-MacBook-Pro.local> <CAOjisRwQ-p6fi=_wTpdwpSQHzp5-iNKdu=QgGAtYe+HC_huHcg@mail.gmail.com> <CAL02cgReq5tNaTuk72G5-4A2r4tVbpYZtZ_1J46c+7VxwOF1Xg@mail.gmail.com> <CANBOYLVNpJWRJJ4CD6=Hm2wwPxNkKZqZ==9O6qwqcU+Zu8nN-A@mail.gmail.com>
To: "tls@ietf.org" <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/6qSEOovcYxvP1_sOrFaUwRLyDnA>
Subject: Re: [TLS] TLS 1.3 -> TLS 2.0?
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>

> On Aug 31, 2016, at 10:01 PM, Eric Mill <eric@konklone.com> wrote:
> 
> FWIW, I've definitely seen real-world confusion about SSLv3 being a more recent protocol than TLS 1.X, by organizations that should know better. If there's interest and consensus, this could be a good opportunity to reset the situation with TLS/2 or TLS 4.0. 
> 
> I like TLS/2 aesthetically, and it represents a similar level of progress/reset that HTTP saw when it jumped from 1.1 to /2.
> 
> -- Eric

If it was called TLS/2, I suspect most people would still view it as TLS 2.0 - personally I see the <protocol>/<version> naming scheme as more of an aesthetic choice than something that meaningfully impacts perception.

The mistakes that were made that set up the potential confusion between SSL 2 and TLS 2 were made long ago, and are likely beyond correction at this point. While we could go with TLS 3.4 (to match the version on the wire), or TLS 4.0 (to jump past the SSL versions), I agree with those that stated that it would cause additional confusion. And there’s more than enough confusion out there thanks to SSL vs. TLS, no need to further complicate matters.

As for moving from TLS 1.3 to TLS 2.0 - this is something that will have to be dealt with at some point. Calling this version 2.0 was debated quite some time ago, and as I recall, the consensus then was to go with 1.3 and keep the changes minimal, saving 2.0 for a later, larger set of changes. Looking at the current version of the draft, calling this 2.0 seems fitting to me - as the changes have been fairly significant, not the overhaul that some wanted, but still significant.

Personally, I don’t think what we call it actually has that much impact though - calling it 2.0 could cause some to jump on it quicker, and could cause those that are highly risk-averse to delay it; I doubt either of these groups would be large enough to have an impact. It’s still a new version, and will be treated the same as new versions were in the past, no matter what we call it.

Overall, I’m indifferent on calling it 2.0, generally against /2, 3.4, 4.0, etc. and perfectly fine leaving it as 1.3.

-- 
Adam Caudill
adam@adamcaudill.com
http://adamcaudill.com/