Re: [TLS] TLS 1.3 -> TLS 2.0?

Erik Nygren <erik+ietf@nygren.org> Tue, 30 August 2016 20:20 UTC

Return-Path: <nygren@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 45A5912D7F6 for <tls@ietfa.amsl.com>; Tue, 30 Aug 2016 13:20:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.091
X-Spam-Level:
X-Spam-Status: No, score=-1.091 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.001, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, SUBJ_ALL_CAPS=1.506] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 469NQLpxdJ3Z for <tls@ietfa.amsl.com>; Tue, 30 Aug 2016 13:20:14 -0700 (PDT)
Received: from mail-it0-x231.google.com (mail-it0-x231.google.com [IPv6:2607:f8b0:4001:c0b::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 36CBC12D7F0 for <tls@ietf.org>; Tue, 30 Aug 2016 13:20:14 -0700 (PDT)
Received: by mail-it0-x231.google.com with SMTP id n75so7239622ith.1 for <tls@ietf.org>; Tue, 30 Aug 2016 13:20:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=Mqik7LrEhiRez9xXMkaM3hiM0Ezd1100Ysm4/ACyIQU=; b=DuoD3FlwewjYfytIEvsQHn/DIUqrgXPQB7G8ntKlmGNZNwi1i0Y2qWk2wwiah7+XJ2 T/4ItpT7gkX/wqT+Iv5HDCLV7AnW1B2tt3cXPSWvRJGiTXfutyiF9S48C0LxDNn+o7TA UO2+5EHXYXRoJObJefVzdkIozbnwAF0kt7trZiGWSwv9rMSKalqDN5PF3oOxpdHY+PB9 apBUc6xW8vxqE6QkCCtcRukYBpKZPS+T4k23Rl7EzIbEV3H3CUUg2IaEQj08h1rT+cUx 3H2RhXuKGNyavLZRG0zEfCnAoicA0dTWt0Xn8v+N9PkZteF5vTV9JMzOSm/2cN4j8QGY owFQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=Mqik7LrEhiRez9xXMkaM3hiM0Ezd1100Ysm4/ACyIQU=; b=EPAAFv53mKMep3cZ9vJmYA2NqXpylWh0cd9um3B7iAKCImfYll+8sI/A4iYoY4btM0 5yg7Ani5djWNvFCmnxciLr+IXOQlLjI3aB7VBnUKh45Eg/HKKNFXEcqtsjDghBFk7Rum hMnAa7W9jRhxnjEzMS9lrNvdjg9x36KKA8z5D1BKk5VElLAkCRi5EWzlnhN7SrepwMoM UdDQW4RlBLM/N/5XE2T2THg0j9GxzTP9KF68VgWUINnzKwngWLgAWrVbHCtnDxcMBF3m v1d+5sLfmmZK8oCrw+0SgrV59xfc9E72g1J61sb2+cnjGzDKV4Tsrqec6vmDVUPO9gN0 rHhQ==
X-Gm-Message-State: AE9vXwNAP2Pp73Naivy857VWuD6ObMfKr0aR5leT/WQicvSUkJ1dCPsqND2FJ+fFKqvxecz+qRAljCffTk65jA==
X-Received: by 10.36.9.196 with SMTP id 187mr9365902itm.82.1472588413376; Tue, 30 Aug 2016 13:20:13 -0700 (PDT)
MIME-Version: 1.0
Sender: nygren@gmail.com
Received: by 10.107.137.69 with HTTP; Tue, 30 Aug 2016 13:20:12 -0700 (PDT)
Received: by 10.107.137.69 with HTTP; Tue, 30 Aug 2016 13:20:12 -0700 (PDT)
In-Reply-To: <201608301529.49488.davemgarrett@gmail.com>
References: <201608301419.33620.davemgarrett@gmail.com> <CY1PR15MB077803AB565FB6CD20098CEAFFE00@CY1PR15MB0778.namprd15.prod.outlook.com> <201608301529.49488.davemgarrett@gmail.com>
From: Erik Nygren <erik+ietf@nygren.org>
Date: Tue, 30 Aug 2016 16:20:12 -0400
X-Google-Sender-Auth: hX9yVMWwS1zRaVDZN3QRWglKp9E
Message-ID: <CAKC-DJjUjZneEP5swE+Gd9_RFHS57TBDOVLiQxKEE5wgNg53Xw@mail.gmail.com>
To: Dave Garrett <davemgarrett@gmail.com>
Content-Type: multipart/alternative; boundary=001a1143e20847c3a1053b4fb530
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/bglNaIPeoUcwpITfqzfhQbYV6ZY>
Cc: tls@ietf.org
Subject: Re: [TLS] TLS 1.3 -> TLS 2.0?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Aug 2016 20:20:15 -0000

I'm also very supportive for the reasons you outline.

However, I think we should consider calling it TLS 4 or TLS 4.0 or TLS 5.

In particular, much of the non-technical audience still calls it "SSL" (pet
peeve of many of us, I suspect) and having a version number clearly greater
than SSLv3 and not confusing with SSLv2 would be quite valuable.  "TLS 2"
may have risk for unfortunate confusions with SSLv2 and SSLv3.

Another reason to avoid 1.3 is Western culture negative connotations around
"tls13" which TLS 1.3 will get abbreviated as.

- Erik

     [Sent from my IPv6 connected T-Mobile 4G LTE mobile device]

On Aug 30, 2016 3:35 PM, "Dave Garrett" <davemgarrett@gmail.com>; wrote:

> On Tuesday, August 30, 2016 02:36:51 pm Xiaoyin Liu wrote:
> > I support this change as long as there is no technical change (version
> ID remains 0x0304).
>
> To reiterate, I am also against changing the version ID. However, I do
> think it's worth updating the context string version number, otherwise it'd
> be a little unnecessarily confusing there. (trivial change to key
> derivation, but not wire format) I've also made a point to tweak references
> to the on-the-wire version value to refer to it as a "version ID" rather
> than just version, to make it very clear that this is really just an
> arbitrary codepoint and shouldn't be read as 3.4.
>
> I've made the changes for a WIP branch, here (not a PR, as of yet):
> https://github.com/tlswg/tls13-spec/compare/master...
> davegarrett:tls2rebranding
>
> Going through the motions of doing the renaming now is useful to see if
> there's anything that is more affected than initially expected, such as the
> context strings having the version in there directly as a string (they're
> designed to be updated as-needed, so this shouldn't be a problem).
>
>
> Dave
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>