Re: [TLS] Confirming consensus: TLS1.3->TLS*

Ira McDonald <blueroofmusic@gmail.com> Sat, 19 November 2016 13:31 UTC

Return-Path: <blueroofmusic@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8C5FD129682 for <tls@ietfa.amsl.com>; Sat, 19 Nov 2016 05:31:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.698
X-Spam-Level:
X-Spam-Status: No, score=-2.698 tagged_above=-999 required=5 tests=[AC_DIV_BONANZA=0.001, BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id S9WIBe0T-rF3 for <tls@ietfa.amsl.com>; Sat, 19 Nov 2016 05:31:29 -0800 (PST)
Received: from mail-io0-x22e.google.com (mail-io0-x22e.google.com [IPv6:2607:f8b0:4001:c06::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4E8E012968C for <tls@ietf.org>; Sat, 19 Nov 2016 05:31:29 -0800 (PST)
Received: by mail-io0-x22e.google.com with SMTP id j65so6641112iof.0 for <tls@ietf.org>; Sat, 19 Nov 2016 05:31:29 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=cFfLCJygo24dXk3PGWyNnVhAubJSsq3pyzlGaGJSAFI=; b=AG9sVMngb9s/GSy7fDqBPzv4RAUvrOt74R1lZ2XMtALQnRkeYH/XkS0ShyG7/yc5tn rsUzAF9jJsTeW7cS5LlI3p/BgFAkDTmuuo41Kbo2IILTfAYu9fGgczC4iOcmHQUg0QqU YX87dOD0wUp5areTwNQEgEFLXNIjmDXTmEZBpF3nNIGrHu0GQtNezVpoZH1i/q1GtzJB 6hQi3MYqpP244cVskN5s78Jg/J2vlzLftScwA24XGFOwSVtcT8MIOd8Pc87Rz3lnBFPI 3RF+QZyn/PSbXM6uMqAPeAF9VkqWOdESfTv/sdOOsvjyfh3X9h3HsndPI2/TlZ3xgODV tL6A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=cFfLCJygo24dXk3PGWyNnVhAubJSsq3pyzlGaGJSAFI=; b=KxI+/1Ne7tnZkNW9/He/b2I3fFEYG0yU/ngGNGSR1ixN2ujpdCOLBsoY/690z4kdBm 3ujYnUBDnJ2llMHFe3kpyW02u7/2utNVyVBj7YbL5xhxc4WLaqe+42vKgDOebE3wKzVn evNWHwEoY4rzNmHX+55qfQbKHpmVzCBME+0VgNfoKgl4Euhj3UnQBbAUDF/SATbPqAR6 /eFr35nfhGPHbmZsBm2jhul+XIswqf/93UWIg/H1aXrFQRAKlt6+Ywj4fuHDvPGraVeg Oivz4Aksl38+EZHBAXV0MbTa6haLD4mtNgy9sizCyzUJOoFode/ff/nXD1Z0mjaxBbHX ydew==
X-Gm-Message-State: AKaTC017tc6JThm7CHNm8PevNZmzdCSGwUTGED+l97ezqVrOEIwC5+Zhdb9TozGPVT80iHhsMzUcSRh/SM9BUg==
X-Received: by 10.107.33.194 with SMTP id h185mr3926219ioh.18.1479562288506; Sat, 19 Nov 2016 05:31:28 -0800 (PST)
MIME-Version: 1.0
Received: by 10.107.8.101 with HTTP; Sat, 19 Nov 2016 05:31:07 -0800 (PST)
In-Reply-To: <CAH8yC8=UHmjvvDxg=NGPbj0W6Ni09TaGJZ-B=pV8zaVESDmkEA@mail.gmail.com>
References: <CF83FAD0-B337-4F9E-A80B-2BAA6826BF41@sn3rd.com> <CAH8yC8=UHmjvvDxg=NGPbj0W6Ni09TaGJZ-B=pV8zaVESDmkEA@mail.gmail.com>
From: Ira McDonald <blueroofmusic@gmail.com>
Date: Sat, 19 Nov 2016 08:31:07 -0500
Message-ID: <CAN40gSvuzFSvYt6EzLVbXc0BrrxfCK4R97Bh8JxxM-xJydczBA@mail.gmail.com>
To: noloader@gmail.com, Ira McDonald <blueroofmusic@gmail.com>
Content-Type: multipart/alternative; boundary=001a1140ecb0a12da10541a77063
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/PNupL9QeIXuPWMYobVeGjuUp0As>
Cc: "<tls@ietf.org>" <tls@ietf.org>
Subject: Re: [TLS] Confirming consensus: TLS1.3->TLS*
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 19 Nov 2016 13:31:31 -0000

Hi,

I think that the presumption that most tech people (or even security people)
won't have any trouble with the future version numbering of TLS is wrong.

Yesterday morning, on an SAE Vehicle Electrical Systems Security call with
some 40 auto security professionals present, I mentioned that TLS 1.3 was
wrapping up and was asked "What's TLS?"  Usual explanation about SSL
being succeeded by IETF TLS 17 years ago.  Several responses that were
the equivalent of blank stares.  And finally, "Then why is the library still
called OpenSSL?"

Rich has highlighted that the tech community goes right on conflating SSL
with TLS on web sites.

I change my two cents to "TLS 4" but am unsure about "4" or "4.0" because
the tech community has been trained to care about major.minor.

Cheers,
- Ira


Ira McDonald (Musician / Software Architect)
Co-Chair - TCG Trusted Mobility Solutions WG
Chair - Linux Foundation Open Printing WG
Secretary - IEEE-ISTO Printer Working Group
Co-Chair - IEEE-ISTO PWG Internet Printing Protocol WG
IETF Designated Expert - IPP & Printer MIB
Blue Roof Music / High North Inc
http://sites.google.com/site/blueroofmusic
http://sites.google.com/site/highnorthinc
mailto: blueroofmusic@gmail.com
Jan-April: 579 Park Place  Saline, MI  48176  734-944-0094
May-Dec: PO Box 221  Grand Marais, MI 49839  906-494-2434


On Sat, Nov 19, 2016 at 6:32 AM, Jeffrey Walton <noloader@gmail.com>; wrote:

> On Thu, Nov 17, 2016 at 9:12 PM, Sean Turner <sean@sn3rd.com>; wrote:
> > At IETF 97, the chairs lead a discussion to resolve whether the WG
> should rebrand TLS1.3 to something else.  Slides can be found @
> https://www.ietf.org/proceedings/97/slides/slides-
> 97-tls-rebranding-aka-pr612-01.pdf.
> >
> > The consensus in the room was to leave it as is, i.e., TLS1.3, and to
> not rebrand it to TLS 2.0, TLS 2, or TLS 4.  We need to confirm this
> decision on the list so please let the list know your top choice between:
> >
> > - Leave it TLS 1.3
> > - Rebrand TLS 2.0
> > - Rebrand TLS 2
> > - Rebrand TLS 4
> >
> > by 2 December 2016.
>
> Please forgive my ignorance...
>
> Who are you targeting for the versioning scheme? Regular users? Mom
> and pop shops with a web presence? Tech guys and gals? Security folks?
>
> For most tech people and security folks, I don't think it matters
> much. However, how many regular users would have clung to SSLv3 and
> TLS 1.0 (given TLS 1.2 was available) if they were named SSL 1995 and
> TLS 1999 (given TLS 2008 or TLS 2010 was available)?
>
> (Sorry to violate the Hum restriction).
>
> Jeff
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>