Re: [TLS] TLS 1.3 -> TLS 2.0?

Yoav Nir <ynir.ietf@gmail.com> Wed, 31 August 2016 15:24 UTC

From: Yoav Nir <ynir.ietf@gmail.com>
In-Reply-To: <878tvex8a6.fsf@alice.fifthhorseman.net>
Date: Wed, 31 Aug 2016 17:55:29 +0300
Message-Id: <DF0CFCAF-7B80-428D-87A5-7A577CFE3323@gmail.com>
References: <201608301419.33620.davemgarrett@gmail.com> <2135572.Ea2pKTvtKx@pintsize.usersys.redhat.com> <878tvex8a6.fsf@alice.fifthhorseman.net>
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/dp2DmCSfGsNLO9aYrvoPDj8ELzM>
Cc: "<tls@ietf.org>" <tls@ietf.org>
Subject: Re: [TLS] TLS 1.3 -> TLS 2.0?

> On 31 Aug 2016, at 12:21 AM, Daniel Kahn Gillmor <dkg@fifthhorseman.net> wrote:
> 
> On Tue 2016-08-30 16:14:06 -0400, Hubert Kario wrote:
>> On Tuesday, 30 August 2016 14:19:33 CEST Dave Garrett wrote:
>>> * Keep the version ID as { 3, 4 } (already weird counting; changing risks
>>> more intolerance)
>> 
>> IMNSHO this alone is enough of a reason not to do this
>> 
>> it's enough explaining to people that SSLv3.3 is really TLSv1.2, now we'll
>> have SSLv3.4 == TLSv1.3 == TLSv2.0
>> 
>> it's silly at this point
> 
> Who are you talking to who's fine with looking at the bytes on the wire
> but isn't fine with understanding that a 16-bit field might not map
> directly to our imagination of decimal?

No, they don’t always look at the 16-bit field (although they might), but they look at you funny when you tell them that 1.0 > 3.0 and that you should totally disable 3.0 and prefer to use 1.2 instead.
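As an added illustration (not code from this thread), the Python below shows the numbering being argued about: the 16-bit wire value counts from SSL 3.0 = {3,0}, so TLS 1.2 is {3,3} and TLS 1.3 is {3,4}, and a TLS 1.3 ClientHello still writes {3,3} as its legacy_version while offering {3,4} only in the supported_versions extension (type 43 per RFC 8446). The ClientHello records are constructed by the builder function as sample input, not real captures.

```python
import struct

# The wire version counts from SSL 3.0 = {3,0}: TLS 1.0 is {3,1}, TLS 1.2 is
# {3,3}, and TLS 1.3 keeps {3,4} (the "SSLv3.4" of the quoted message).
VERSION_NAMES = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
                 0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}
SUPPORTED_VERSIONS = 43  # extension type defined in RFC 8446

def version_name(wire):
    """Map a 16-bit wire version to its human name, e.g. 0x0304 -> 'TLS 1.3'."""
    return VERSION_NAMES.get(wire, "unknown {%d,%d}" % (wire >> 8, wire & 0xFF))

def build_client_hello(legacy_version, supported=()):
    """Constructed minimal ClientHello record (sample input, not a capture):
    empty session_id, one cipher suite, null compression, optional ext 43."""
    hello = struct.pack("!H", legacy_version) + bytes(32) + b"\x00"   # version, Random, session_id
    hello += struct.pack("!HH", 2, 0x1301) + b"\x01\x00"               # cipher_suites, compression
    if supported:
        body = bytes([2 * len(supported)]) + b"".join(struct.pack("!H", v) for v in supported)
        ext = struct.pack("!HH", SUPPORTED_VERSIONS, len(body)) + body
        hello += struct.pack("!H", len(ext)) + ext
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello      # HandshakeType client_hello
    return struct.pack("!BHH", 22, 0x0301, len(hs)) + hs      # record layer: handshake, {3,1}

def client_hello_versions(record):
    """Return (legacy_version, [offered versions]) from a handshake record.
    A TLS 1.3 client still writes {3,3} as legacy_version and offers {3,4}
    only in supported_versions, so a version-intolerant peer sees 'TLS 1.2'."""
    ctype, _, rec_len = struct.unpack("!BHH", record[:5])
    body = record[5:5 + rec_len]
    if ctype != 22 or body[0] != 1:
        raise ValueError("not a ClientHello handshake record")
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    legacy = int.from_bytes(hello[:2], "big")
    pos = 2 + 32                                          # skip Random
    pos += 1 + hello[pos]                                 # session_id
    pos += 2 + int.from_bytes(hello[pos:pos + 2], "big")  # cipher_suites
    pos += 1 + hello[pos]                                 # compression_methods
    offered = [legacy]                                    # pre-1.3 hello: only legacy_version
    if pos < len(hello):
        end = pos + 2 + int.from_bytes(hello[pos:pos + 2], "big")
        pos += 2
        while pos < end:
            etype, elen = struct.unpack("!HH", hello[pos:pos + 4])
            data = hello[pos + 4:pos + 4 + elen]
            if etype == SUPPORTED_VERSIONS:
                offered = [int.from_bytes(data[i:i + 2], "big") for i in range(1, 1 + data[0], 2)]
            pos += 4 + elen
    return legacy, offered
```

Running `client_hello_versions(build_client_hello(0x0303, [0x0304, 0x0303]))` returns legacy_version 0x0303 with offered versions [0x0304, 0x0303], which `version_name` renders as TLS 1.2 and [TLS 1.3, TLS 1.2].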