Re: [TLS] TLS 1.3 -> TLS 2.0?
Daniel Kahn Gillmor <dkg@fifthhorseman.net> Wed, 31 August 2016 14:09 UTC
Return-Path: <dkg@fifthhorseman.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3FFFF12DC0D for <tls@ietfa.amsl.com>; Wed, 31 Aug 2016 07:09:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.394
X-Spam-Level:
X-Spam-Status: No, score=-0.394 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SUBJ_ALL_CAPS=1.506] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CgTxNdiA-bjZ for <tls@ietfa.amsl.com>; Wed, 31 Aug 2016 07:09:41 -0700 (PDT)
Received: from che.mayfirst.org (che.mayfirst.org [162.247.75.118]) by ietfa.amsl.com (Postfix) with ESMTP id 8559712DC7C for <tls@ietf.org>; Wed, 31 Aug 2016 06:53:46 -0700 (PDT)
Received: from fifthhorseman.net (unknown [38.109.115.130]) by che.mayfirst.org (Postfix) with ESMTPSA id 8D918F98B; Wed, 31 Aug 2016 09:53:45 -0400 (EDT)
Received: by fifthhorseman.net (Postfix, from userid 1000) id A03C2201E8; Tue, 30 Aug 2016 17:21:24 -0400 (EDT)
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: Hubert Kario <hkario@redhat.com>, tls@ietf.org
In-Reply-To: <2135572.Ea2pKTvtKx@pintsize.usersys.redhat.com>
References: <201608301419.33620.davemgarrett@gmail.com> <2135572.Ea2pKTvtKx@pintsize.usersys.redhat.com>
User-Agent: Notmuch/0.22.1+88~g8d09e96 (https://notmuchmail.org) Emacs/24.5.1 (x86_64-pc-linux-gnu)
Date: Tue, 30 Aug 2016 17:21:21 -0400
Message-ID: <878tvex8a6.fsf@alice.fifthhorseman.net>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/OUgSJBxiC92Mm9kR0-DYdznTLXw>
Subject: Re: [TLS] TLS 1.3 -> TLS 2.0?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 31 Aug 2016 14:09:46 -0000
On Tue 2016-08-30 16:14:06 -0400, Hubert Kario wrote: > On Tuesday, 30 August 2016 14:19:33 CEST Dave Garrett wrote: >> * Keep the version ID as { 3, 4 } (already weird counting; changing risks >> more intolerance) > > IMNSHO this alone is enough of a reason not to do this > > it's enough explaining to people that SSLv3.3 is really TLSv1.2, now we'll > have SSLv3.4 == TLSv1.3 == TLSv2.0 > > it's silly at this point Who are you talking to who's fine with looking at the bytes on the wire but isn't fine with understanding that a 16-bit field might not map directly to our imagination of decimal? If that mapping really matters, We could combine this with Erik Nygren's version inflation suggestion and just jump straight to TLS 34 :P https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml doesn't have a "TLS version" registry. Would it be simpler to have IANA create that and just populate it with: Value | Description | Reference ------+-------------+---------- 0x30 | SSLv3 | RFC 6101, RFC 7568 0x31 | TLSv1.0 | RFC 2246 0x32 | TLSv1.1 | RFC 4346 0x33 | TLSv1.2 | RFC 5246 0x34 | TLSv4 | RFC XXXX Then you could tell people to just look it up in the table. --dkg, tongue only marginally in cheek
- Re: [TLS] TLS 1.3 -> TLS 2.0? Andrei Popov
- Re: [TLS] TLS 1.3 -> TLS 2.0? Peter Gutmann
- [TLS] TLS 1.3 -> TLS 2.0? Dave Garrett
- Re: [TLS] TLS 1.3 -> TLS 2.0? Xiaoyin Liu
- Re: [TLS] TLS 1.3 -> TLS 2.0? Dave Garrett
- Re: [TLS] TLS 1.3 -> TLS 2.0? Hubert Kario
- Re: [TLS] TLS 1.3 -> TLS 2.0? Erik Nygren
- Re: [TLS] TLS 1.3 -> TLS 2.0? Rob Stradling
- Re: [TLS] TLS 1.3 -> TLS 2.0? Xiaoyin Liu
- Re: [TLS] TLS 1.3 -> TLS 2.0? Nikos Mavrogiannopoulos
- Re: [TLS] TLS 1.3 -> TLS 2.0? Julien ÉLIE
- Re: [TLS] TLS 1.3 -> TLS 2.0? Peter Gutmann
- Re: [TLS] TLS 1.3 -> TLS 2.0? Hubert Kario
- Re: [TLS] TLS 1.3 -> TLS 2.0? Xiaoyin Liu
- Re: [TLS] TLS 1.3 -> TLS 2.0? Hubert Kario
- Re: [TLS] TLS 1.3 -> TLS 2.0? Daniel Kahn Gillmor
- Re: [TLS] TLS 1.3 -> TLS 2.0? Salz, Rich
- Re: [TLS] TLS 1.3 -> TLS 2.0? Yoav Nir
- Re: [TLS] TLS 1.3 -> TLS 2.0? =JeffH
- Re: [TLS] TLS 1.3 -> TLS 2.0? Brian Sniffen
- Re: [TLS] TLS 1.3 -> TLS 2.0? Andrei Popov
- Re: [TLS] TLS 1.3 -> TLS 2.0? Yoav Nir
- Re: [TLS] TLS 1.3 -> TLS 2.0? Dave Garrett
- Re: [TLS] TLS 1.3 -> TLS 2.0? Bill Frantz
- Re: [TLS] TLS 1.3 -> TLS 2.0? Nick Sullivan
- Re: [TLS] TLS 1.3 -> TLS 2.0? Erik Nygren
- Re: [TLS] TLS 1.3 -> TLS 2.0? Dave Garrett
- Re: [TLS] TLS 1.3 -> TLS 2.0? Richard Barnes
- Re: [TLS] TLS 1.3 -> TLS 2.0? Dave Garrett
- Re: [TLS] TLS 1.3 -> TLS 2.0? Eric Mill
- Re: [TLS] TLS 1.3 -> TLS 2.0? Judson Wilson
- Re: [TLS] TLS 1.3 -> TLS 2.0? Adam Caudill
- Re: [TLS] TLS 1.3 -> TLS 2.0? Dave Garrett
- Re: [TLS] TLS 1.3 -> TLS 2.0? Yoav Nir
- Re: [TLS] TLS 1.3 -> TLS 2.0? Joseph Lorenzo Hall
- Re: [TLS] TLS 1.3 -> TLS 2.0? Peter Gutmann
- Re: [TLS] TLS 1.3 -> TLS 2.0? Colm MacCárthaigh