Re: [TLS] Confirming consensus: TLS1.3->TLS*

Vlad Krasnov <> Fri, 18 November 2016 19:29 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 9F8E51294FE for <>; Fri, 18 Nov 2016 11:29:18 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id qbVRbCa38q5y for <>; Fri, 18 Nov 2016 11:29:17 -0800 (PST)
Received: from ( [IPv6:2607:f8b0:400e:c05::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 32BA812965C for <>; Fri, 18 Nov 2016 11:29:16 -0800 (PST)
Received: by with SMTP id p66so105861213pga.2 for <>; Fri, 18 Nov 2016 11:29:16 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=google; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=YmhEfEdSeJ9QpHcroWF11WpS97XWFxOZatrMcs4msNY=; b=xSvk+I+lRPhmuInme2qscBYAu6IbbKFJA67PEppM/HNilsVMtlwluYCPoogW3nOO8i IxKh1w8CuNzY1q1a2yy4PaFUHTiF15xmEWVxTiOfRmxfQfrtIuvb9RULRyZ6882DKLWx OvCIFi7D8h/XMcuvFtzCSeYZXz7thuj0X5qRE=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20130820; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=YmhEfEdSeJ9QpHcroWF11WpS97XWFxOZatrMcs4msNY=; b=HM768ME97A7QkvCb6cdfKWaYFeSzvCDp2B6XB422FWNBb1PjK7Ugh5zkMaQ1HjaBgf zg2YYqAaphoTgptFRjVK1HvZwF4w+7OmJUzF/ENCg2Awx+C85EBSGNr0FHlvWAKN9FRh Tq6cGeg584xgVg1aLIMsRwCSMr/oybIN9OrLGDbi6sTc0omEoxCPBQwqrJNj6FUrVAtt v4PYrV8HjdmQ1lK9fmv4BZy0dkPJgSvsmKI5YydTBOtu80nYdRyPOUPwJxrw91qFK/Vh nW7RQ+BMtS3KmJHcwx9NZ++s+wZtFF67GGhoFEePdw4RWidHe26sDWUzXWT7E8Z1f6b8 Gi1Q==
X-Gm-Message-State: AKaTC012EH/bnsDqExf8mpUlmsGtDhS8OdXmnuOrfXQjZ6WRpLCuwsPfHlM84qu3jrR8YRNh
X-Received: by with SMTP id o62mr2693806pga.73.1479497355322; Fri, 18 Nov 2016 11:29:15 -0800 (PST)
Received: from ?IPv6:2601:645:8302:ef30:d94f:c7b2:5caa:14d9? ([2601:645:8302:ef30:d94f:c7b2:5caa:14d9]) by with ESMTPSA id a1sm1683259pgf.16.2016. (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 18 Nov 2016 11:29:14 -0800 (PST)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 10.1 \(3251\))
From: Vlad Krasnov <>
In-Reply-To: <>
Date: Fri, 18 Nov 2016 11:29:13 -0800
Content-Transfer-Encoding: quoted-printable
Message-Id: <>
References: <>
To: "D. J. Bernstein" <>
X-Mailer: Apple Mail (2.3251)
Archived-At: <>
Subject: Re: [TLS] Confirming consensus: TLS1.3->TLS*
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 18 Nov 2016 19:29:18 -0000

First: where can we see the study that proves people are indeed confused that TLS > SSL? I don’t buy into that. Are people really confused after 17 years of TLS?

Second: I don’t think that the changes between TLS 1.3 and TLS 1.2 are considered a major: just look at the difference between HTTP/2 and HTTP/1 - those are completely different protocols.

Most of TLS 1.3 could be implemented on top of TLS 1.2 with extensions (the way it really looks, if you consider even client_version remains the same).

Third: There was *some* marketing on TLS 1.3, and changing the name now will just tell the public the WG is confused and doesn’t know what its doing.

I vote for TLS 1.3.

> On 18 Nov 2016, at 10:07, D. J. Bernstein <>; wrote:
> The largest number of users have the least amount of information, and
> they see version numbers as part of various user interfaces. It's clear
> how they will be inclined to guess 3>1.3>1.2>1.1>1.0 (very bad) but
> 4>3>1.2>1.1>1.0 (eliminating the problem as soon as 4 is supported).
> We've all heard anecdotes of 3>1.2>1.1>1.0 disasters. Even if this type
> of disaster happens to only 1% of site administrators, it strikes me as
> more important for security than any of the arguments that have been
> given for "TLS 1.3". So I would prefer "TLS 4".
> Yes, sure, we can try to educate people that TLS>SSL (but then we're
> fighting against tons of TLS=SSL messaging), or educate them to use
> server-testing tools (so that they can fix the problem afterwards---but
> I wonder whether anyone has analyzed the damage caused by running SSLv3
> for a little while before switching the same keys to a newer protocol),
> and hope that this education fights against 3>1.3 more effectively than
> it fought against 3>1.2. But it's better to switch to a less error-prone
> interface that doesn't require additional education in the first place.
> ---Dan
> _______________________________________________
> TLS mailing list