Re: [TLS] Confirming consensus: TLS1.3->TLS*

"Ackermann, Michael" <MAckermann@bcbsm.com> Fri, 02 December 2016 19:15 UTC

From: "Ackermann, Michael" <MAckermann@bcbsm.com>
To: "darin.pettis@usbank.com" <darin.pettis@usbank.com>, Andrei Popov <Andrei.Popov@microsoft.com>
Date: Fri, 02 Dec 2016 19:15:42 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/T6zJVs1tUorpwiVE04c0as2vXpQ>
Cc: TLS <tls-bounces@ietf.org>, "<tls@ietf.org>" <tls@ietf.org>
Subject: Re: [TLS] Confirming consensus: TLS1.3->TLS*
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>

+2
On removing all references to SSL.


From: TLS [mailto:tls-bounces@ietf.org] On Behalf Of darin.pettis@usbank.com
Sent: Friday, December 2, 2016 1:55 PM
To: Andrei Popov <Andrei.Popov@microsoft.com>
Cc: TLS <tls-bounces@ietf.org>; <tls@ietf.org> <tls@ietf.org>
Subject: Re: [TLS] Confirming consensus: TLS1.3->TLS*

+1 with Andrei.

"That SSL should never be used" is the one clear message we have, so going back to SSL would muddy those waters too much. Strong vote for staying with TLS. It will become better known over time, especially with the current enterprise push to deprecate all SSL versions from use.
Regarding the numbering schema, someone recently mentioned that probably only a few hundred of us are aware of the TLS 1.3 nomenclature at this point and I would concur with that.  So, after considering all of the good points that have been circulating, I would like to change my vote to TLS 2017.  It provides clarity, recognizes that it is a major change and pulls us out of the whole SSL/TLS numbering confusion/quagmire.

Darin



From:        Andrei Popov <Andrei.Popov@microsoft.com>
To:        Daniel Kahn Gillmor <dkg@fifthhorseman.net>, Peter Gutmann <pgut001@cs.auckland.ac.nz>, Stephen Farrell <stephen.farrell@cs.tcd.ie>, David Benjamin <davidben@chromium.org>, Tony Arcieri <bascule@gmail.com>, "<tls@ietf.org>" <tls@ietf.org>
Date:        12/02/2016 12:34 PM
Subject:        Re: [TLS] Confirming consensus: TLS1.3->TLS*
Sent by:        "TLS" <tls-bounces@ietf.org>
________________________________



Indeed, "all known versions of SSL are broken and should never be used" is what I've been telling people for a while now...

-----Original Message-----
From: TLS [mailto:tls-bounces@ietf.org] On Behalf Of Daniel Kahn Gillmor
Sent: Friday, December 2, 2016 6:36 AM
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>; Stephen Farrell <stephen.farrell@cs.tcd.ie>; David Benjamin <davidben@chromium.org>; Tony Arcieri <bascule@gmail.com>; <tls@ietf.org> <tls@ietf.org>
Subject: Re: [TLS] Confirming consensus: TLS1.3->TLS*

On Fri 2016-12-02 03:33:21 -0500, Peter Gutmann wrote:
> If no-one from Microsoft has any objections, can we just rename it
> back to what it's always been for everyone but us, SSL?

fwiw, the industry (and stackexchange) uses "SSL" to mean all sorts of things, not only TLS.  Yesterday i got an e-mail from a reputable CA reseller that said "Your SSL is expiring in two days!  Buy a new SSL now!"

Surely no one is proposing that we also re-name the X.509 certificate format to "SSL" just because vendors whose business models revolve around these products are confused about terminology.  What else should we rename to "SSL" on that basis?  Maybe a load-balancer is also "SSL"!

Here's a useful and effective meme for convincing bosses that it's ok to turn off SSLv3: all known versions of SSL are broken and should never be used.  Please do not break this meme by trying to rename TLS to SSL.

I don't care about the bikeshed over the number: i'd be fine with any of TLS 1.3 or TLS 4 or TLS 2017.  But can we please not create *even more* confusion by bikeshedding over the name itself?

      --dkg
