Re: [TLS] Confirming consensus: TLS1.3->TLS*

Eric Mill <eric@konklone.com> Mon, 21 November 2016 01:52 UTC

To: Filippo Valsorda <ml@filippo.io>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/S15vFrySP5l5aLj9xyjeeZQaZAo>
Cc: "<tls@ietf.org>" <tls@ietf.org>

On Sun, Nov 20, 2016 at 2:17 PM, Filippo Valsorda <ml@filippo.io> wrote:

> I'm definitely for 1.3.
>
> I get where 4 is coming from, but 1.2 is not going anywhere soon, and we
> spent the last 10 years training people that the high-numbered one is
> bad, and that the 1.x ones are cool.
>
> I really don't want to have the following conversation, with the exact
> same people the proponents of 4 are trying to help:
>
> "You only support 1.2, you should support 4"
> "Oh, wasn't it that weird other way around where the high one was
> broken?"
> "Ah, no, 4 is the latest and greatest"
> "Oh, ok, then I should support only 4 and 3?"
> "Nono, 3 is terribly broken."
> "Oh, so only 4? Do all clients support it?"
> "Uh, you should keep 1.2"
> "Ah, so 1.2 is better than 3 but worse than 4?"
> "Yeah... I'm sorry"
>
> "4 is great, 3 is bad, 1.2 is good" is harder than "3 is bad, 1.2 is
> good" was, and harder than "3 is bad, 1.2 is good, 1.3 is great" would
> be.
>

While this conversation might not be impossible, I think it's an unlikely
hypothetical. A change to TLS 4 wouldn't be to address confusion for those
who have already internalized the weird version history (which is mostly
people like us on-list), but for people who only think about TLS/SSL when
they're forced to think about it, once every year or few.

For those people, the real conversations I've had were based on superficial
glances and hazy memories of the protocol history that are reconstituted
every time the subject comes up. Naming it TLS 4 wouldn't fix it for
everyone, but it would be all-upside for some -- as well as providing a
helpful opportunity to drop the faux-minor version number and simplify the
numbering overall in the long term.

The near-term annoyance of renaming things by folks close to the WG, and
the chance of some confusion around the edges, seem like small issues
compared to a positive investment in bending the sanity curve of the next
20 years of lazy enterprise decisions.

-- Eric





-- 
konklone.com | @konklone <https://twitter.com/konklone>