IETF Logo Mail Archive

Re: [TLS] Confirming consensus: TLS1.3->TLS*

Scott Schmit <i.grok@comcast.net> Tue, 22 November 2016 15:05 UTC

Return-Path: <i.grok@comcast.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4991D12966C for <tls@ietfa.amsl.com>; Tue, 22 Nov 2016 07:05:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.197
X-Spam-Level:
X-Spam-Status: No, score=-4.197 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-1.497, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=comcast.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mG0ulH9NjKwD for <tls@ietfa.amsl.com>; Tue, 22 Nov 2016 07:05:04 -0800 (PST)
Received: from resqmta-po-01v.sys.comcast.net (resqmta-po-01v.sys.comcast.net [IPv6:2001:558:fe16:19:96:114:154:160]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CF914129565 for <tls@ietf.org>; Tue, 22 Nov 2016 07:05:01 -0800 (PST)
Received: from resomta-po-03v.sys.comcast.net ([96.114.154.227]) by resqmta-po-01v.sys.comcast.net with SMTP id 9CcicIXzBucHZ9Cd2cXCg4; Tue, 22 Nov 2016 15:05:00 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=comcast.net; s=q20140121; t=1479827100; bh=MOCROJa9Yc/6pIhysPnuAEwR8Psk8m/gac0mVYVsPYI=; h=Received:Received:Received:Received:Date:From:To:Subject: Message-ID:MIME-Version:Content-Type; b=RiqM1JWBCafDPckW1QwCQs5L3SAQodSp4KhQkMI1MtLDRHvZzJ+DSZKzALLK8w2Bb 3oj3EswIvvaohR4b0QOwfyk8wlhrKQ3UZXzzSWTV7W1q2S/lFbh9d4gLT+et+V4Yi2 cdg4cOXEvVGLoOU235Ae2XNHFD7OgD4rttSVY2KjMfSIxbNyNPxc8kGYhh+JHK6QP0 9pt7aBLZA1WN4AxZnvd5siqs5qGywS2Xjsv8yxisaz+NxUWw/gyzz0Hd535VdhOKIG TZPepNxFWQIDAlThvwl7YzVnH2110uEYL7iwkPY70gR4F5sDogbUUiQ+/KQ10ovREV OeekNHmxt95vg==
Received: from odin.ULTHAR.us ([IPv6:2001:470:8c86:0:225:64ff:fe8b:c2f2]) by resomta-po-03v.sys.comcast.net with SMTP id 9CcrcNyGD1Uzn9CcwcXleH; Tue, 22 Nov 2016 15:04:58 +0000
Received: from odin.ULTHAR.us (localhost [127.0.0.1]) by odin.ULTHAR.us (8.15.2/8.14.5) with ESMTP id uAMF4mpU002837 for <tls@ietf.org>; Tue, 22 Nov 2016 10:04:48 -0500
Received: (from draco@localhost) by odin.ULTHAR.us (8.15.2/8.15.2/Submit) id uAMF4m0P002836 for tls@ietf.org; Tue, 22 Nov 2016 10:04:48 -0500
Date: Tue, 22 Nov 2016 10:04:48 -0500
From: Scott Schmit <i.grok@comcast.net>
To: tls@ietf.org
Message-ID: <20161122150447.GA21794@odin.ULTHAR.us>
References: <CF83FAD0-B337-4F9E-A80B-2BAA6826BF41@sn3rd.com>
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="sha-256"; boundary="+HP7ph2BbKc20aGI"
Content-Disposition: inline
In-Reply-To: <CF83FAD0-B337-4F9E-A80B-2BAA6826BF41@sn3rd.com>
User-Agent: Mutt/1.7.1 (2016-10-04)
X-CMAE-Envelope: MS4wfLpGfw7XGE9Lle6KhIOf1ACHtGJWFzuE7r0CbxZj1sJcGaUsHd0w/GHr1J+P4ADiV6qyNYN+l2XnazSDr8w3xO5LO2r1gfQ8uDy4KXPKf5Aby25wlADz KupcecQtecKwTxqO0KFdN/51n5ouG2K8PJ0=
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/9ZfO0izW4Ifk_4BiNT5vszBKe98>
Subject: Re: [TLS] Confirming consensus: TLS1.3->TLS*
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Nov 2016 15:05:08 -0000

On Fri, Nov 18, 2016 at 11:12:48AM +0900, Sean Turner wrote:
> At IETF 97, the chairs lead a discussion to resolve whether the WG should rebrand TLS1.3 to something else.  Slides can be found @ https://www.ietf.org/proceedings/97/slides/slides-97-tls-rebranding-aka-pr612-01.pdf.
> 
> The consensus in the room was to leave it as is, i.e., TLS1.3, and to not rebrand it to TLS 2.0, TLS 2, or TLS 4.  We need to confirm this decision on the list so please let the list know your top choice between:
> 
> - Leave it TLS 1.3
> - Rebrand TLS 2.0
> - Rebrand TLS 2
> - Rebrand TLS 4
> 
> by 2 December 2016.

I find it compelling that if we lived in an alternate universe where we
had SSL 1996, TLS 1999, and a recently-published TLS 2006 or TLS 2008,
there would have been a lot less inertia about switching to a later
version.  I find is very optimistic given our history that we could
manage two TLS versions in a year.  If that ever happened, though, we
could do 2019.1 (as an increment) or 2019.11 (for the month).

Barring that, I'd prefer TLS 4, since that gets us out of the version
confusion swamp.  It would seem that almost nobody outside the security
community understands the distinction between SSL and TLS; so if we call
it TLS 4, we'll probably see it referred to as SSLv4.  And that wouldn't
be horrible.  If we call it TLS 2 or TLS 2.0, some might refer to it as
SSLv2.  That would obviously be very bad.

While it's nice to able to look up information about TLS 1.3 drafts,
most of that information is going to be inaccurate anyway, so I don't
see that as a compelling reason to stick to it.  Granted, you have
specific buzz for "TLS 1.3 is going to really improve things" but that's
fairly easy to translate to "the new version of TLS is going to really
improve things".

The distinction between 2 vs 2.0 seems pretty minor.  SSLv2 is 2.0 and
SSLv3 is 3.0, but few write it that way.

Thus my ranked preference would be:

TLS 2017 > TLS 4 > TLS 1.3 > TLS 2 or TLS 2.0

But if I'm limited to a top choice from the list, then "Rebrand TLS 4"

-- 
Scott Schmit

v2.23.0 | Report a Bug | By Email