IETF Logo Mail Archive

Re: [TLS] Confirming consensus: TLS1.3->TLS*

Andrei Popov <Andrei.Popov@microsoft.com> Fri, 02 December 2016 18:34 UTC

Return-Path: <Andrei.Popov@microsoft.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 40D1B128AB0 for <tls@ietfa.amsl.com>; Fri, 2 Dec 2016 10:34:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.022
X-Spam-Level:
X-Spam-Status: No, score=-2.022 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OnBw5cnSdVIj for <tls@ietfa.amsl.com>; Fri, 2 Dec 2016 10:34:45 -0800 (PST)
Received: from NAM01-BN3-obe.outbound.protection.outlook.com (mail-bn3nam01on0101.outbound.protection.outlook.com [104.47.33.101]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BBFF41295DA for <tls@ietf.org>; Fri, 2 Dec 2016 10:34:44 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=GvnMFEJP2NPJzPLgvnPtT4fsi6YwnF7WObjUqP3dSXg=; b=cs7ek4xyCQkVwVCfSAq0newA9pbMJMwEwQA+yE+xcoA3HIBrxg/r3eWfTALhyzhtB2ZfsyRgx3LA0Cy8gdSxc70qYnhYwU3aSNCg2tRhcHkUe3EjXLkmP9WTGaSDqw6gCfXMzYTO0w/n0tf3ttD6/1zlNjllrBJgZ4cPzssXy1k=
Received: from BN3PR0301MB0836.namprd03.prod.outlook.com (10.160.154.146) by BN3PR0301MB0836.namprd03.prod.outlook.com (10.160.154.146) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.693.12; Fri, 2 Dec 2016 18:34:42 +0000
Received: from BN3PR0301MB0836.namprd03.prod.outlook.com ([10.160.154.146]) by BN3PR0301MB0836.namprd03.prod.outlook.com ([10.160.154.146]) with mapi id 15.01.0693.009; Fri, 2 Dec 2016 18:34:42 +0000
From: Andrei Popov <Andrei.Popov@microsoft.com>
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>, Peter Gutmann <pgut001@cs.auckland.ac.nz>, Stephen Farrell <stephen.farrell@cs.tcd.ie>, David Benjamin <davidben@chromium.org>, Tony Arcieri <bascule@gmail.com>, "<tls@ietf.org>" <tls@ietf.org>
Thread-Topic: [TLS] Confirming consensus: TLS1.3->TLS*
Thread-Index: AQHSQUFnfYxD1l3raU+THHLUgHfRNqDwC7aAgAJbVICAAC0oAIAABEIAgAFpLoCAAA+9gIAABjwAgABRlgCAAAHGgIAAZTsAgABB5tA=
Date: Fri, 02 Dec 2016 18:34:42 +0000
Message-ID: <BN3PR0301MB0836793E92B078FB8EF66D3F8C8E0@BN3PR0301MB0836.namprd03.prod.outlook.com>
References: <CF83FAD0-B337-4F9E-A80B-2BAA6826BF41@sn3rd.com> <FDFEA8C9B9B6BD4685DCC959079C81F5E1913B9D@BLREML509-MBX.china.huawei.com> <CAOjisRy+Lt59rE-+_bJmD=0oQD+qbeUBsJQyOvH6OggfhqyYqg@mail.gmail.com> <1480566504487.58214@cs.auckland.ac.nz> <D538A9AE-7F5A-4A70-8EED-F7D4426CE087@dukhovni.org> <CAHOTMVJzvf8v0S3vhFASekd6ksut0uNBhJDmuYzSQcJfy6JYpg@mail.gmail.com> <1480648354917.41781@cs.auckland.ac.nz> <CAF8qwaAMcLQYhTVGnPA-=b-L1vmkyhKGPM39QV4+VvPf9GKkbQ@mail.gmail.com> <0836012d-b4dc-f24c-034f-69f3b7121334@cs.tcd.ie> <1480667592856.97451@cs.auckland.ac.nz> <87y3zytn43.fsf@alice.fifthhorseman.net>
In-Reply-To: <87y3zytn43.fsf@alice.fifthhorseman.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Andrei.Popov@microsoft.com;
x-originating-ip: [2001:4898:80e8:9::1d2]
x-microsoft-exchange-diagnostics: 1; BN3PR0301MB0836; 7:6Jn0fm895bz4vcA8biCnoDVuVRtmUuzNeVvyrQXn98GsR0zKgMRV4+LYf9+pYYzXeb2BRTtx20w7Z4la9XF7++UzopqHJA5+S/lOuYljcSTKSrO5LlkED4f+rVFhuK6w6dHHfbaPOxWd9imM26YO65YguINtFjq9HM0B/tVrDdQKZw4JLQE4IuWS9vGv4YD/+MZzeYtGPtAGHWK/XCRH2vWWRWkNPzKafNMD3tcvDRExCSO1ZMVdZg5ycBjxx3v37EhowNtyt8Q1hrZ31wt6z8BR8nbZZyG6nUHZaj3kIOOTH9wL1eJPxGFAirdQXJTIldM+V4ReRWzrKOrHbvtbOe6GxwrAth2fmWHTpwUKzXAIe+oACZxi9DEGoabJHXQl
x-ms-office365-filtering-correlation-id: 596a5b37-dbd2-4a25-e3ae-08d41ae1e1f7
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001); SRVR:BN3PR0301MB0836;
x-microsoft-antispam-prvs: <BN3PR0301MB08360AAF369A5A2C954BE3278C8E0@BN3PR0301MB0836.namprd03.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(32856632585715)(100405760836317);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(61425038)(6040375)(601004)(2401047)(8121501046)(5005006)(10201501046)(3002001)(6055026)(61426038)(61427038)(6041248)(20161123560025)(20161123555025)(20161123562025)(20161123564025)(6072148)(6047074); SRVR:BN3PR0301MB0836; BCL:0; PCL:0; RULEID:; SRVR:BN3PR0301MB0836;
x-forefront-prvs: 0144B30E41
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(6009001)(7916002)(13464003)(199003)(189002)(24454002)(377424004)(377454003)(7696004)(97736004)(81156014)(7736002)(189998001)(8936002)(3660700001)(5001770100001)(107886002)(7846002)(8676002)(9686002)(76576001)(86362001)(81166006)(86612001)(2906002)(77096006)(39450400002)(68736007)(3280700002)(93886004)(105586002)(106356001)(101416001)(10290500002)(5005710100001)(54356999)(229853002)(6506004)(106116001)(102836003)(39410400001)(6116002)(2950100002)(5660300001)(74316002)(10090500001)(38730400001)(92566002)(305945005)(33656002)(39060400001)(122556002)(2900100001)(76176999)(8990500004)(99286002)(50986999)(491001); DIR:OUT; SFP:1102; SCL:1; SRVR:BN3PR0301MB0836; H:BN3PR0301MB0836.namprd03.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en;
received-spf: None (protection.outlook.com: microsoft.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-originalarrivaltime: 02 Dec 2016 18:34:42.4093 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN3PR0301MB0836
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/DVPDhVdL1--GTVPLHGPOual7zlo>
Subject: Re: [TLS] Confirming consensus: TLS1.3->TLS*
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 02 Dec 2016 18:34:47 -0000

Indeed, "all known versions of SSL are broken and should never be used" is what I've been telling people for a while now...

-----Original Message-----
From: TLS [mailto:tls-bounces@ietf.org] On Behalf Of Daniel Kahn Gillmor
Sent: Friday, December 2, 2016 6:36 AM
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>; Stephen Farrell <stephen.farrell@cs.tcd.ie>; David Benjamin <davidben@chromium.org>; Tony Arcieri <bascule@gmail.com>; <tls@ietf.org> <tls@ietf.org>
Subject: Re: [TLS] Confirming consensus: TLS1.3->TLS*

On Fri 2016-12-02 03:33:21 -0500, Peter Gutmann wrote:
> If no-one from Microsoft has any objections, can we just rename it 
> back to what it's always been for everyone but us, SSL?

fwiw, the industry (and stackexchange) uses "SSL" to mean all sorts of things, not only TLS.  Yesterday i got an e-mail from a reputable CA reseller that said "Your SSL is expiring in two days!  Buy a new SSL now!"

Surely no one is proposing that we also re-name the X.509 certificate format to "SSL" just because vendors whose business models revolve around these products are confused about terminology.  What else should we rename to "SSL" on that basis?  Maybe a load-balancer is also "SSL"!

Here's a useful and effective meme for convincing bosses that it's ok to turn off SSLv3: all known versions of SSL are broken and should never be used.  Please do not break this meme by trying to rename TLS to SSL.

I don't care about the bikeshed over the number: i'd be fine with any of TLS 1.3 or TLS 4 or TLS 2017.  But can we please not create *even more* confusion by bikeshedding over the name itself?

       --dkg

v2.23.0 | Report a Bug | By Email