IETF Logo Mail Archive

Re: [TLS] TLS 1.3 -> TLS 2.0?

Dave Garrett <davemgarrett@gmail.com> Wed, 31 August 2016 22:43 UTC

Return-Path: <davemgarrett@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BA44A12D7B2 for <tls@ietfa.amsl.com>; Wed, 31 Aug 2016 15:43:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.194
X-Spam-Level:
X-Spam-Status: No, score=-1.194 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, SUBJ_ALL_CAPS=1.506] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id T0iAmJ5jO68U for <tls@ietfa.amsl.com>; Wed, 31 Aug 2016 15:43:23 -0700 (PDT)
Received: from mail-qk0-x22d.google.com (mail-qk0-x22d.google.com [IPv6:2607:f8b0:400d:c09::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E43F512D77C for <tls@ietf.org>; Wed, 31 Aug 2016 15:43:22 -0700 (PDT)
Received: by mail-qk0-x22d.google.com with SMTP id v123so67258505qkh.2 for <tls@ietf.org>; Wed, 31 Aug 2016 15:43:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:to:subject:date:user-agent:cc:references:in-reply-to :mime-version:content-transfer-encoding:message-id; bh=/YpVrk6cqpvghk95WQZRVC18tYMcgTu+vxqMv65qBQY=; b=mY6PlU+aSXxFtLgsC+vlk/3/Gp2mqTD6pOBOvLClJEZYOGwF1yIA0vFvdGs7mxwSDE 8iQufzGZbWzWGWqz5YCwTAwmTBK6rJ+t8fXVahUDHayTJdWkrDMGNyWvAduXno2lItSp voVGbgxbP/GsuwKI99N7vxp6l59WjSjoGDJ5DLnS/gDxZIno8eCv2B4VNJTTCofy1pHV j05+vWAV8/AarhuJLFenhdVNFvUrkibz7cGMYCbokJOz0JJj/ab0SYBwdyEEJJghFeNS QLijRQ0RKp3r9dIbX071QNYd7DlkmKjTDW0lFQdUQbclgCSCG3o7NppGID7qCy1lWJwq xkDA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:subject:date:user-agent:cc:references :in-reply-to:mime-version:content-transfer-encoding:message-id; bh=/YpVrk6cqpvghk95WQZRVC18tYMcgTu+vxqMv65qBQY=; b=YtVfCbr7B10eC2DNOzjpgRRZixKSDywDJYxg3h568NML24ihdA0RkLcEcVGiCK2M3X l4ePGwtXGm0KEPBe7kweOVCulPsyI2u/CGs6kmqarVzx2ktmcdJg9k08NRUkrNgygCAh c5XSBuxTVcyW+JWgGv44dc6EOLXjqh/dhuAEVklXMt7KsUFcT2X6KWb1/rXA9DGt/rOz 07DMpg5DjVfgveWMM7TAInOSiB7ljdfvHtFM7KilMx38bRl5WYuMtVV7+zsNOUlaLFSN NM6fjTcJgs/qCA7aAYHXwoHyP/LR9URlDgK+lvxuABVllBI7PW5a1jnPcMt3iLeziCgJ /zTA==
X-Gm-Message-State: AE9vXwN1Zpy65M9woDja25a3X2SmBR7nwHx1ZJvLdl4eKtLiK2Ey1pJz5BuoO4DfvwUJIQ==
X-Received: by 10.55.8.4 with SMTP id 4mr13780597qki.196.1472683402121; Wed, 31 Aug 2016 15:43:22 -0700 (PDT)
Received: from dave-laptop.localnet (pool-71-185-27-22.phlapa.fios.verizon.net. [71.185.27.22]) by smtp.gmail.com with ESMTPSA id d133sm1194800qke.20.2016.08.31.15.43.21 (version=TLS1 cipher=AES128-SHA bits=128/128); Wed, 31 Aug 2016 15:43:21 -0700 (PDT)
From: Dave Garrett <davemgarrett@gmail.com>
To: tls@ietf.org
Date: Wed, 31 Aug 2016 18:43:20 -0400
User-Agent: KMail/1.13.5 (Linux/2.6.32-74-generic-pae; KDE/4.4.5; i686; ; )
References: <3453142.248EJ6K14H@pintsize.usersys.redhat.com> <r470Ps-10116i-CEC3CA8865CF43238F20CDDF8386D067@Williams-MacBook-Pro.local> <CAOjisRwQ-p6fi=_wTpdwpSQHzp5-iNKdu=QgGAtYe+HC_huHcg@mail.gmail.com>
In-Reply-To: <CAOjisRwQ-p6fi=_wTpdwpSQHzp5-iNKdu=QgGAtYe+HC_huHcg@mail.gmail.com>
MIME-Version: 1.0
Content-Type: Text/Plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Message-Id: <201608311843.20382.davemgarrett@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/PMpkVgEq8Z9PDsTeGNGwOFm10fs>
Subject: Re: [TLS] TLS 1.3 -> TLS 2.0?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 31 Aug 2016 22:43:24 -0000

On Wednesday, August 31, 2016 06:35:13 pm Nick Sullivan wrote:
> I am reluctant to endorse a name change from TLS 1.3 to TLS 2.0.

I was too, until we created a new cipher suite negotiation incompatible with previous versions.

> I see a few immediate issues with the proposal:
> - it causes confusion with SSL 2.0

I disagree. There is a perpetual confusion between SSL and TLS, but this doesn't really make it that much worse.

> - it implies wire incompatibility with TLS 1.2

SSL 3.0 and TLS 1.0 share compatible hellos. A TLS 2 only client won't be able to connect to a TLS 1.2 only server, but that's true with all version changes. I don't see how a major version bump implies any more wire incompatibility, especially when we bend over backwards to maintain hello compatibility with SSL 3.

> - it suggests there will be a forthcoming TLS 2.1 with only minor changes

There could be, if we wanted to. I don't see a problem with that.

> If we're dead set on bumping the major version for a mostly backwards
> compatible protocol change, we should just drop the minor version and go
> with TLS/2.

I don't have a problem with dropping the ".0", but I don't see the point in the HTTP/2 style slash. TLS 2 is fine.


Dave

v2.23.0 | Report a Bug | By Email