Re: [TLS] Confirming consensus: TLS1.3->TLS*

Vlad Krasnov <vlad@cloudflare.com> Fri, 18 November 2016 19:29 UTC

Return-Path: <vlad@cloudflare.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9F8E51294FE for <tls@ietfa.amsl.com>; Fri, 18 Nov 2016 11:29:18 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cloudflare.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qbVRbCa38q5y for <tls@ietfa.amsl.com>; Fri, 18 Nov 2016 11:29:17 -0800 (PST)
Received: from mail-pg0-x231.google.com (mail-pg0-x231.google.com [IPv6:2607:f8b0:400e:c05::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 32BA812965C for <tls@ietf.org>; Fri, 18 Nov 2016 11:29:16 -0800 (PST)
Received: by mail-pg0-x231.google.com with SMTP id p66so105861213pga.2 for <tls@ietf.org>; Fri, 18 Nov 2016 11:29:16 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cloudflare.com; s=google; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=YmhEfEdSeJ9QpHcroWF11WpS97XWFxOZatrMcs4msNY=; b=xSvk+I+lRPhmuInme2qscBYAu6IbbKFJA67PEppM/HNilsVMtlwluYCPoogW3nOO8i IxKh1w8CuNzY1q1a2yy4PaFUHTiF15xmEWVxTiOfRmxfQfrtIuvb9RULRyZ6882DKLWx OvCIFi7D8h/XMcuvFtzCSeYZXz7thuj0X5qRE=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=YmhEfEdSeJ9QpHcroWF11WpS97XWFxOZatrMcs4msNY=; b=HM768ME97A7QkvCb6cdfKWaYFeSzvCDp2B6XB422FWNBb1PjK7Ugh5zkMaQ1HjaBgf zg2YYqAaphoTgptFRjVK1HvZwF4w+7OmJUzF/ENCg2Awx+C85EBSGNr0FHlvWAKN9FRh Tq6cGeg584xgVg1aLIMsRwCSMr/oybIN9OrLGDbi6sTc0omEoxCPBQwqrJNj6FUrVAtt v4PYrV8HjdmQ1lK9fmv4BZy0dkPJgSvsmKI5YydTBOtu80nYdRyPOUPwJxrw91qFK/Vh nW7RQ+BMtS3KmJHcwx9NZ++s+wZtFF67GGhoFEePdw4RWidHe26sDWUzXWT7E8Z1f6b8 Gi1Q==
X-Gm-Message-State: AKaTC012EH/bnsDqExf8mpUlmsGtDhS8OdXmnuOrfXQjZ6WRpLCuwsPfHlM84qu3jrR8YRNh
X-Received: by 10.99.65.65 with SMTP id o62mr2693806pga.73.1479497355322; Fri, 18 Nov 2016 11:29:15 -0800 (PST)
Received: from ?IPv6:2601:645:8302:ef30:d94f:c7b2:5caa:14d9? ([2601:645:8302:ef30:d94f:c7b2:5caa:14d9]) by smtp.gmail.com with ESMTPSA id a1sm1683259pgf.16.2016.11.18.11.29.14 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 18 Nov 2016 11:29:14 -0800 (PST)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 10.1 \(3251\))
From: Vlad Krasnov <vlad@cloudflare.com>
In-Reply-To: <20161118180737.16475.qmail@cr.yp.to>
Date: Fri, 18 Nov 2016 11:29:13 -0800
Content-Transfer-Encoding: quoted-printable
Message-Id: <555F1FCF-CB73-48D4-AC7C-A255EF3ACE2C@cloudflare.com>
References: <20161118180737.16475.qmail@cr.yp.to>
To: "D. J. Bernstein" <djb@cr.yp.to>
X-Mailer: Apple Mail (2.3251)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/XC3vz3VXsrsRIPAkUqaFMjxbWHQ>
Cc: tls@ietf.org
Subject: Re: [TLS] Confirming consensus: TLS1.3->TLS*
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 18 Nov 2016 19:29:18 -0000

First: where can we see the study that proves people are indeed confused that TLS > SSL? I don’t buy into that. Are people really confused after 17 years of TLS?

Second: I don’t think that the changes between TLS 1.3 and TLS 1.2 are considered a major: just look at the difference between HTTP/2 and HTTP/1 - those are completely different protocols.

Most of TLS 1.3 could be implemented on top of TLS 1.2 with extensions (the way it really looks, if you consider even client_version remains the same).

Third: There was *some* marketing on TLS 1.3, and changing the name now will just tell the public the WG is confused and doesn’t know what its doing.

I vote for TLS 1.3.


> On 18 Nov 2016, at 10:07, D. J. Bernstein <djb@cr.yp.to>; wrote:
> 
> The largest number of users have the least amount of information, and
> they see version numbers as part of various user interfaces. It's clear
> how they will be inclined to guess 3>1.3>1.2>1.1>1.0 (very bad) but
> 4>3>1.2>1.1>1.0 (eliminating the problem as soon as 4 is supported).
> 
> We've all heard anecdotes of 3>1.2>1.1>1.0 disasters. Even if this type
> of disaster happens to only 1% of site administrators, it strikes me as
> more important for security than any of the arguments that have been
> given for "TLS 1.3". So I would prefer "TLS 4".
> 
> Yes, sure, we can try to educate people that TLS>SSL (but then we're
> fighting against tons of TLS=SSL messaging), or educate them to use
> server-testing tools (so that they can fix the problem afterwards---but
> I wonder whether anyone has analyzed the damage caused by running SSLv3
> for a little while before switching the same keys to a newer protocol),
> and hope that this education fights against 3>1.3 more effectively than
> it fought against 3>1.2. But it's better to switch to a less error-prone
> interface that doesn't require additional education in the first place.
> 
> ---Dan
> 
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls