Re: [TLS] TLS 1.3 -> TLS 2.0?

Yoav Nir <ynir.ietf@gmail.com> Wed, 31 August 2016 17:34 UTC

From: Yoav Nir <ynir.ietf@gmail.com>
In-Reply-To: <CY1PR0301MB084231AD8DF90812959E25578CE30@CY1PR0301MB0842.namprd03.prod.outlook.com>
Date: Wed, 31 Aug 2016 20:34:28 +0300
Message-Id: <29F42251-E802-44A1-988D-EA615BBC2143@gmail.com>
References: <201608301419.33620.davemgarrett@gmail.com> <2135572.Ea2pKTvtKx@pintsize.usersys.redhat.com> <878tvex8a6.fsf@alice.fifthhorseman.net> <DF0CFCAF-7B80-428D-87A5-7A577CFE3323@gmail.com> <CY1PR0301MB084231AD8DF90812959E25578CE30@CY1PR0301MB0842.namprd03.prod.outlook.com>
To: Andrei Popov <Andrei.Popov@microsoft.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/Oe_xP_bAhNvt3XY5JCV-4Ej-ncs>
Cc: "<tls@ietf.org>" <tls@ietf.org>
Subject: Re: [TLS] TLS 1.3 -> TLS 2.0?

> On 31 Aug 2016, at 8:28 PM, Andrei Popov <Andrei.Popov@microsoft.com> wrote:
> 
>> No they don’t always look at the 16-bit field (although they might), but they look at you funny when you tell them that 1.0 > 3.0 and that you should totally disable 3.0 and prefer to use 1.2 instead.
> :) True, but when this happens, I simply tell them that all SSL versions are broken, so they have to use TLS.
> I'd rather have a consistent versioning story for TLS (1.0->1.1->1.2->2.0), rather than trying to fix the SSL3->TLS1.0 inconsistency at this point.
> It's already fun enough to explain why DTLS jumped from 1.0 to 1.2 (or Windows from 8 to 10, for that matter).

I once had to explain to a GUI designer why this piece of UI genius was not a good idea:

    Choose the minimal support SSL / TLS version:
         |       |
         +-------+
          | 1.0 |
          | 1.1 |
          | 1.2 |
          | 2.0 |
          | 3.0 |
          +-----+
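The ordering problem behind that dropdown, as an added example that is not part of the thread: a picker that sorts SSL/TLS by the printed number puts "3.0" above "2.0" and "1.2", so "minimum 1.0" still leaves SSL 3.0 enabled, whereas a TLS stack compares the 16-bit wire version, where SSL 3.0 (0x0300) is below every TLS version. The label-to-wire table and the helper names are the example's own.

```python
# Added example (not from the thread): why a "minimum version" picker that
# orders SSL/TLS by their marketing numbers gets the security policy wrong.
# Stacks compare the 16-bit ProtocolVersion: SSL 3.0 = 0x0300, TLS 1.0 = 0x0301,
# so on the wire "1.0 > 3.0", exactly the point made in the thread.

# Display label -> wire version. TLS 1.3 is 0x0304 (RFC 8446); it is listed
# for completeness, the thread predates its final number.
WIRE_VERSION = {
    "SSL 3.0": 0x0300,
    "TLS 1.0": 0x0301,
    "TLS 1.1": 0x0302,
    "TLS 1.2": 0x0303,
    "TLS 1.3": 0x0304,
}

# Versions with known protocol-level breaks that a minimum-version setting
# is supposed to switch off.
BROKEN = {"SSL 3.0"}


def marketing_number(label: str) -> float:
    """The number the GUI designer saw: 3.0 for SSL 3.0, 1.2 for TLS 1.2."""
    return float(label.split()[1])


def naive_allowed(minimum: str) -> list:
    """The dropdown's logic: order by printed number, so SSL 3.0 sorts *above*
    TLS 1.x and choosing 'minimum TLS 1.0' still enables SSL 3.0."""
    threshold = marketing_number(minimum)
    return sorted((v for v in WIRE_VERSION if marketing_number(v) >= threshold),
                  key=marketing_number)


def wire_allowed(minimum: str) -> list:
    """Correct logic: compare wire versions the way negotiation does."""
    threshold = WIRE_VERSION[minimum]
    return sorted((v for v, w in WIRE_VERSION.items() if w >= threshold),
                  key=WIRE_VERSION.get)


def decode_version(two_bytes: bytes) -> str:
    """Map a ProtocolVersion field (e.g. from a ClientHello) to its label."""
    if len(two_bytes) != 2:
        raise ValueError("ProtocolVersion is exactly two bytes")
    value = int.from_bytes(two_bytes, "big")
    return next((l for l, w in WIRE_VERSION.items() if w == value),
                "unknown (0x%04x)" % value)


def audit_minimum(minimum: str) -> list:
    """Broken versions the naive picker leaves on that the wire rule removes."""
    return [v for v in naive_allowed(minimum)
            if v in BROKEN and v not in wire_allowed(minimum)]
```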