Re: [TLS] Confirming consensus: TLS1.3->TLS*

darin.pettis@usbank.com Fri, 02 December 2016 18:54 UTC

To: Andrei Popov <Andrei.Popov@microsoft.com>
From: darin.pettis@usbank.com
Date: Fri, 02 Dec 2016 12:54:43 -0600
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/FbcFrYxGDrFz7o_cwu10ia3Umuo>
Cc: TLS <tls-bounces@ietf.org>, "<tls@ietf.org>" <tls@ietf.org>
Subject: Re: [TLS] Confirming consensus: TLS1.3->TLS*

+1 with Andrei. 

"That SSL should never be used" is the one clear message we have, so going
back to SSL would muddy those waters too much.  Strong vote for staying
with TLS.  It will become better known over time, especially with the
current enterprise push to deprecate all SSL versions from use.

Regarding the numbering schema, someone recently mentioned that probably
only a few hundred of us are aware of the TLS 1.3 nomenclature at this
point and I would concur with that.  So, after considering all of the good
points that have been circulating, I would like to change my vote to TLS
2017.  It provides clarity, recognizes that it is a major change and pulls
us out of the whole SSL/TLS numbering confusion/quagmire.

Darin



From:   Andrei Popov <Andrei.Popov@microsoft.com>
To:     Daniel Kahn Gillmor <dkg@fifthhorseman.net>, Peter Gutmann 
<pgut001@cs.auckland.ac.nz>, Stephen Farrell <stephen.farrell@cs.tcd.ie>, 
David Benjamin <davidben@chromium.org>, Tony Arcieri <bascule@gmail.com>, 
"<tls@ietf.org>" <tls@ietf.org>
Date:   12/02/2016 12:34 PM
Subject:        Re: [TLS] Confirming consensus: TLS1.3->TLS*
Sent by:        "TLS" <tls-bounces@ietf.org>



Indeed, "all known versions of SSL are broken and should never be used" is 
what I've been telling people for a while now...

-----Original Message-----
From: TLS [mailto:tls-bounces@ietf.org] On Behalf Of Daniel Kahn Gillmor
Sent: Friday, December 2, 2016 6:36 AM
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>; Stephen Farrell 
<stephen.farrell@cs.tcd.ie>; David Benjamin <davidben@chromium.org>; Tony 
Arcieri <bascule@gmail.com>; <tls@ietf.org> <tls@ietf.org>
Subject: Re: [TLS] Confirming consensus: TLS1.3->TLS*

On Fri 2016-12-02 03:33:21 -0500, Peter Gutmann wrote:
> If no-one from Microsoft has any objections, can we just rename it 
> back to what it's always been for everyone but us, SSL?

fwiw, the industry (and stackexchange) uses "SSL" to mean all sorts of 
things, not only TLS.  Yesterday i got an e-mail from a reputable CA 
reseller that said "Your SSL is expiring in two days!  Buy a new SSL now!"

Surely no one is proposing that we also re-name the X.509 certificate 
format to "SSL" just because vendors whose business models revolve around 
these products are confused about terminology.  What else should we rename 
to "SSL" on that basis?  Maybe a load-balancer is also "SSL"!

Here's a useful and effective meme for convincing bosses that it's ok to 
turn off SSLv3: all known versions of SSL are broken and should never be 
used.  Please do not break this meme by trying to rename TLS to SSL.

I don't care about the bikeshed over the number: i'd be fine with any of 
TLS 1.3 or TLS 4 or TLS 2017.  But can we please not create *even more* 
confusion by bikeshedding over the name itself?

       --dkg
