[TLS] TLS 1.3 -> TLS 2.0?

Dave Garrett <davemgarrett@gmail.com> Tue, 30 August 2016 18:19 UTC

Return-Path: <davemgarrett@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 9073212D7AB for <tls@ietfa.amsl.com>; Tue, 30 Aug 2016 11:19:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.194
X-Spam-Status: No, score=-1.194 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, SUBJ_ALL_CAPS=1.506] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id uTmNdQtR2LbT for <tls@ietfa.amsl.com>; Tue, 30 Aug 2016 11:19:36 -0700 (PDT)
Received: from mail-qk0-x232.google.com (mail-qk0-x232.google.com [IPv6:2607:f8b0:400d:c09::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8A70312D7A7 for <tls@ietf.org>; Tue, 30 Aug 2016 11:19:36 -0700 (PDT)
Received: by mail-qk0-x232.google.com with SMTP id t7so27410306qkh.1 for <tls@ietf.org>; Tue, 30 Aug 2016 11:19:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:to:subject:date:user-agent:mime-version :content-transfer-encoding:message-id; bh=pjZzg7aiZe+dKyXaQtDsnEidFWJ0g1AEj6ToX+tsbms=; b=R+ANcAYDIDmqqgJ72uGFizH8t1iCxA445459rPYwtaGfEkuots1rcm5ka4atNHmyH6 dZ3CwI0aATAwnvhDNA3VCtOfE4TieuIVVPTRVBaFBdz4T1qwuRGxUfcHjryBsdw/3bAt SyyRbiNksdqBzAhDpG9+J7EMVsKFUWVMdb3H2aY3GZmH6qEriIErvGx+hYSbSkmDDyDF lqISIm1JyIL4JUOKbx3BDxzkesPlxaS9d3mSRW45ct1/YVJQyfi9xkHto7Ovd3bLrU0V ONygRcveCv1XcxWDR7t/z4aiK412NCWhoi5JXSkNmOiT/Cdlyc6d4CacfTVzgxoEAVil n09A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:subject:date:user-agent:mime-version :content-transfer-encoding:message-id; bh=pjZzg7aiZe+dKyXaQtDsnEidFWJ0g1AEj6ToX+tsbms=; b=fdwTFEvnXtWhCtwNs/jUCx8EJK5qytQT5TI6mEfJFeaL43GaSNbPV9D7w7yW7MOpPu KMpCt7lxogtyQjcAKyu6QbFu1KYFcxCXROSKtOr5g1XOSCqIp4kB2G9t0tvKa989lytb OH/cbCdZn5PveEKCN0CzuMOlf/cZkEgfdsqQTvvjNqFbtt9/Am/WON7tTnBxjgJqDy3c iolZe2mL+lsEvDhYjgErIdqx2r9ILSU/QhkEkZ1Gy2C4wcLlROMqWrf6ITV5yWyiI/3E jotj1uaFYb7THpfYDnwifJlCdFoiM8gc53OUPuWaHsIxuAAZQ5SgPopUP+KBO17wxA3c RKyg==
X-Gm-Message-State: AE9vXwMIBs6vSdu5Eng51eXqnxIeIo0q8ssmMNSrstPJ49dSxXhslRgMSvCYMcRoX/wQMA==
X-Received: by with SMTP id m18mr4506978qke.40.1472581175307; Tue, 30 Aug 2016 11:19:35 -0700 (PDT)
Received: from dave-laptop.localnet (pool-71-185-27-22.phlapa.fios.verizon.net. []) by smtp.gmail.com with ESMTPSA id x201sm1071532qkx.32.2016. for <tls@ietf.org> (version=TLS1 cipher=AES128-SHA bits=128/128); Tue, 30 Aug 2016 11:19:34 -0700 (PDT)
From: Dave Garrett <davemgarrett@gmail.com>
To: tls@ietf.org
Date: Tue, 30 Aug 2016 14:19:33 -0400
User-Agent: KMail/1.13.5 (Linux/2.6.32-74-generic-pae; KDE/4.4.5; i686; ; )
MIME-Version: 1.0
Content-Type: Text/Plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Message-Id: <201608301419.33620.davemgarrett@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/PGOkA86lazL8-Uvi74CnHdc1X2Q>
Subject: [TLS] TLS 1.3 -> TLS 2.0?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Aug 2016 18:19:37 -0000

I occasionally see people ask why we're calling it TLS 1.3 when so much has changed, and I used to simply think that it was too bikesheddy to bother changing at this point. However, now that we've redone negotiation, we have new TLS 1.3+ only cipher suites. The old are not compatible with the new (new codepoints needed for old ciphers) and the new are not backwards compatible with the old (they'll just be ignored). We actually risk misconfiguration in the future if the distinction isn't made clear. I think it's time we just renamed TLS 1.3 to TLS 2.0. There are major changes, so labeling it a major version seems more appropriate.

Note that contrary to what some people seem to think, version numbers are not completely without meaning. To someone who doesn't really know/care that much what TLS is, making sure to use the latest major version of a security protocol carries more weight than a minor version. It also makes it clear that there are new features here (e.g. 0-RTT). There's some de facto standardization in versioning which does carry some useful information. We're not just dealing with programmers here; this stuff needs to be clear for managers and non-professionals. If we want to get everyone upgraded eventually, messaging is important.

Specific proposed changes:
* Mass rename TLS 1.3 to TLS 2.0 in all places (or TLS 2)
* Keep the version ID as { 3, 4 } (already weird counting; changing risks more intolerance)
* Rename the new cipher suites to have a "TLS2_" prefix to be less confusing for the registry & end configuration
* Add a sentence noting the development history here, and that all documents that refer to TLS 1.3 refer to TLS 2.0 (e.g. HTTP/2)

This is a relatively simple set of changes to make that I think can be beneficial in the long run, and is essentially just editorial. Rebranding might not be something everyone really wants to bother with, but if we expect this to be in use for a decade or more (whether we like it or not), we should probably make sure to be as clear as possible at the start.