Re: [TLS] drop obsolete SSL 2 backwards compatibility from TLS 1.3 draft
Dave Garrett <davemgarrett@gmail.com> Sun, 28 December 2014 01:51 UTC
From: Dave Garrett <davemgarrett@gmail.com>
To: Brian Smith <brian@briansmith.org>
Date: Sat, 27 Dec 2014 20:51:21 -0500
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/KsvUajph3SNR0t2-uuB0WRgpL80
Cc: "TLS@ietf.org (tls@ietf.org)" <tls@ietf.org>

On Saturday, December 27, 2014 08:38:56 pm Brian Smith wrote:
> Servers generally cannot flip switches on the client.

I'm referring to situations where an organization has legacy software they use with old clients and an old server. In a case like that, they would be capable of pushing a pref change to their clients easily enough. If we're talking about obsolete clients on the general web, then no, obviously. I just prefer breakage over perpetuating its legitimacy.

> I want TLS 1.3 to be deployed widely and quickly after it's been
> standardized, and I want people to be able to put it into production
> use during the standardization effort so we get the same kind of
> interop testing that HTTP/2 got. This requires that the TLS 1.3 spec
> should try to avoid breaking how earlier versions of TLS work, unless
> there is a very strong reason to do so.

Very much agreed, however I argue that legacy complexity and its resultant risks are strong enough, and that not enough clients would break to justify keeping it. (the latter could unfortunately be swayed with stats that say otherwise)

Dave