Re: [TLS] Confirming consensus: TLS1.3->TLS*
Eric Mill <eric@konklone.com> Fri, 18 November 2016 22:33 UTC
Return-Path: <eric@konklone.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D6D191294D1 for <tls@ietfa.amsl.com>; Fri, 18 Nov 2016 14:33:16 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_SORBS_SPAM=0.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=pobox.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SIgYaTczkW_K for <tls@ietfa.amsl.com>; Fri, 18 Nov 2016 14:33:15 -0800 (PST)
Received: from sasl.smtp.pobox.com (pb-smtp1.pobox.com [64.147.108.70]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 120BD129456 for <tls@ietf.org>; Fri, 18 Nov 2016 14:33:14 -0800 (PST)
Received: from sasl.smtp.pobox.com (unknown [127.0.0.1]) by pb-smtp1.pobox.com (Postfix) with ESMTP id C229F50F0A for <tls@ietf.org>; Fri, 18 Nov 2016 17:33:13 -0500 (EST)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=pobox.com; h=mime-version :in-reply-to:references:from:date:message-id:subject:to :content-type; s=sasl; bh=EToT/rLI0opGIMvufPnMJOJolRg=; b=oYjdUX q99ZywGs1HgWhiy8rOQS3U+QFvDoB+5KeB4Eylfsp8tq3UnWj7mqyrkdg22C1AVi W2M5krsi5j5Is/WakiYwR3sryLxWRWI9ybl/5OCSv1lj6NT2xhifbjgppvcvUKJx JaPo3RoL2qg3N1UyEtf+ndJmJZ4z6+R3rwQl4=
Received: from pb-smtp1.nyi.icgroup.com (unknown [127.0.0.1]) by pb-smtp1.pobox.com (Postfix) with ESMTP id BAC6250F09 for <tls@ietf.org>; Fri, 18 Nov 2016 17:33:13 -0500 (EST)
Received: from mail-qk0-f172.google.com (unknown [209.85.220.172]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pb-smtp1.pobox.com (Postfix) with ESMTPSA id 6643A50F07 for <tls@ietf.org>; Fri, 18 Nov 2016 17:33:13 -0500 (EST)
Received: by mail-qk0-f172.google.com with SMTP id q130so282741182qke.1 for <tls@ietf.org>; Fri, 18 Nov 2016 14:33:13 -0800 (PST)
X-Gm-Message-State: AKaTC033kWqMkc2hc2Z3jKX9w65AMpEWmpYxORJV2cn6A0mbPCTsYn/63fl+CfQIN7tn+2DlRh3HohaQoUUxjw==
X-Received: by 10.55.200.149 with SMTP id t21mr2676040qkl.214.1479508392803; Fri, 18 Nov 2016 14:33:12 -0800 (PST)
MIME-Version: 1.0
Received: by 10.200.44.205 with HTTP; Fri, 18 Nov 2016 14:32:32 -0800 (PST)
In-Reply-To: <20161118180737.16475.qmail@cr.yp.to>
References: <CF83FAD0-B337-4F9E-A80B-2BAA6826BF41@sn3rd.com> <20161118180737.16475.qmail@cr.yp.to>
From: Eric Mill <eric@konklone.com>
Date: Fri, 18 Nov 2016 17:32:32 -0500
X-Gmail-Original-Message-ID: <CANBOYLVwx7TDaP3ffoBQD1etN+N2VDKijec=7zmrVRHLCBF7yA@mail.gmail.com>
Message-ID: <CANBOYLVwx7TDaP3ffoBQD1etN+N2VDKijec=7zmrVRHLCBF7yA@mail.gmail.com>
To: "<tls@ietf.org>" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="001a113d58f4320a2205419ae45c"
X-Pobox-Relay-ID: FDD57B3C-ADDE-11E6-ACC9-987C12518317-82875391!pb-smtp1.pobox.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/eNayvV3NnDQTuc2nRwRxV-F0vd0>
Subject: Re: [TLS] Confirming consensus: TLS1.3->TLS*
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 18 Nov 2016 22:33:17 -0000
It seems like TLS 2 and TLS 2.0 have very little support, so it's really just deciding between: TLS 1.3 TLS 4 (or maybe 4.0) I'll just amplify Rich's and djb's points by noting that the cost of switching away from TLS 1.3 really only affects a very small number of people -- really just the people in and around this WG. There is a much, much larger universe of people who will make deployment and implementation decisions, with varying attention span and degrees of skill, and I think they're best served with a clean start of an unambiguous version number. Just because it feels uncomfortable to us doesn't mean it will feel uncomfortable to the larger technical/enterprise community who don't really *care* about the versioning scheme, they just need to make some decisions and move on. -- Eric On Fri, Nov 18, 2016 at 1:07 PM, D. J. Bernstein <djb@cr.yp.to> wrote: > The largest number of users have the least amount of information, and > they see version numbers as part of various user interfaces. It's clear > how they will be inclined to guess 3>1.3>1.2>1.1>1.0 (very bad) but > 4>3>1.2>1.1>1.0 (eliminating the problem as soon as 4 is supported). > > We've all heard anecdotes of 3>1.2>1.1>1.0 disasters. Even if this type > of disaster happens to only 1% of site administrators, it strikes me as > more important for security than any of the arguments that have been > given for "TLS 1.3". So I would prefer "TLS 4". > > Yes, sure, we can try to educate people that TLS>SSL (but then we're > fighting against tons of TLS=SSL messaging), or educate them to use > server-testing tools (so that they can fix the problem afterwards---but > I wonder whether anyone has analyzed the damage caused by running SSLv3 > for a little while before switching the same keys to a newer protocol), > and hope that this education fights against 3>1.3 more effectively than > it fought against 3>1.2. But it's better to switch to a less error-prone > interface that doesn't require additional education in the first place. > > ---Dan > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls > -- konklone.com | @konklone <https://twitter.com/konklone>
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Joseph Birr-Pixton
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Yoav Nir
- [TLS] Confirming consensus: TLS1.3->TLS* Sean Turner
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Erik Nygren
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Nick Harper
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Tony Arcieri
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Viktor Dukhovni
- Re: [TLS] Confirming consensus: TLS1.3->TLS* David Benjamin
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Dave Garrett
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Martin Thomson
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Peter Gutmann
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Ilari Liusvaara
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Hubert Kario
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Viktor Dukhovni
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Salz, Rich
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Peter Gutmann
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Eric Mill
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Ilari Liusvaara
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Michael Ströder
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Will Serumgard
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Adam Langley
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Henrick Hellström
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Ira McDonald
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Christian Huitema
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Dave Kern
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Martin Rex
- Re: [TLS] Confirming consensus: TLS1.3->TLS* D. J. Bernstein
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Vlad Krasnov
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Deb Cooley
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Salz, Rich
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Vlad Krasnov
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Salz, Rich
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Eftychios Theodorakis
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Vlad Krasnov
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Julien ÉLIE
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Martin Thomson
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Salz, Rich
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Eric Mill
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Nick Sullivan
- Re: [TLS] Confirming consensus: TLS1.3->TLS* David Adrian
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Kazuho Oku
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Peter Gutmann
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Peter Gutmann
- Re: [TLS] Confirming consensus: TLS1.3->TLS* David Woodhouse
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Melinda Shore
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Ilari Liusvaara
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Victor Vasiliev
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Anders Rundgren
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Jeffrey Walton
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Viktor Dukhovni
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Peter Gutmann
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Peter Gutmann
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Watson Ladd
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Ira McDonald
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Judson Wilson
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Vlad Krasnov
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Steven Valdez
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Filippo Valsorda
- Re: [TLS] Confirming consensus: TLS1.3->TLS* D. J. Bernstein
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Eric Rescorla
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Eric Mill
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Bill Frantz
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Xiaoyin Liu
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Mark Nottingham
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Viktor Dukhovni
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Peter Gutmann
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Andrey Jivsov
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Andrei Popov
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Salz, Rich
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Dmitry Belyavsky
- Re: [TLS] Confirming consensus: TLS1.3->TLS* darin.pettis
- Re: [TLS] Confirming consensus: TLS1.3->TLS* =JeffH
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Salz, Rich
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Yoav Nir
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Eric Rescorla
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Short, Todd
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Sean Leonard
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Richard Barnes
- Re: [TLS] Confirming consensus: TLS1.3->TLS* David Woodhouse
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Salz, Rich
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Hugo Krawczyk
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Scott Schmit
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Daniel Migault
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Dave Garrett
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Anders Rundgren
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Dan Brown
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Timothy Jackson
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Raja ashok
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Nick Sullivan
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Peter Gutmann
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Viktor Dukhovni
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Tony Arcieri
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Watson Ladd
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Peter Gutmann
- Re: [TLS] Confirming consensus: TLS1.3->TLS* David Benjamin
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Salz, Rich
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Salz, Rich
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Bill Frantz
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Stephen Farrell
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Peter Gutmann
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Yoav Nir
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Peter Gutmann
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Matt Caswell
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Hubert Kario
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Salz, Rich
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Ted Lemon
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Salz, Rich
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Hubert Kario
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Salz, Rich
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Peter Gutmann
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Hubert Kario
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Ackermann, Michael
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Hubert Kario
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Thomas Pornin
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Ted Lemon
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Maarten Bodewes
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Daniel Kahn Gillmor
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Salz, Rich
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Rob Stradling
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Hubert Kario
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Andrei Popov
- Re: [TLS] Confirming consensus: TLS1.3->TLS* David Benjamin
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Yoav Nir
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Andrei Popov
- Re: [TLS] Confirming consensus: TLS1.3->TLS* darin.pettis
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Viktor Dukhovni
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Ackermann, Michael
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Salz, Rich
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Salz, Rich
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Aaron Zauner
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Michael D'Errico
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Patrick McManus
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Peter Gutmann
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Ted Lemon
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Peter Gutmann
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Peter Gutmann
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Tony Arcieri
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Tony Arcieri
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Viktor Dukhovni
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Scott Schmit
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Scott Schmit
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Tony Arcieri
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Karthik Bhargavan
- [TLS] closing thread -> Re: Confirming consensus:… Sean Turner
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Peter Gutmann
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Mohan Sekar
- Re: [TLS] Confirming consensus: TLS1.3->TLS* Joseph Salowey