Return-Path: <ekr@rtfm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1])
 by ietfa.amsl.com (Postfix) with ESMTP id 046DC1A045E
 for <tls@ietfa.amsl.com>; Mon, 11 Aug 2014 10:27:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.977
X-Spam-Level: 
X-Spam-Status: No, score=-1.977 tagged_above=-999 required=5
 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001,
 RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44])
 by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id dwqMQnZnI3_7 for <tls@ietfa.amsl.com>;
 Mon, 11 Aug 2014 10:27:02 -0700 (PDT)
Received: from mail-wg0-f47.google.com (mail-wg0-f47.google.com [74.125.82.47])
 (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
 (No client certificate requested)
 by ietfa.amsl.com (Postfix) with ESMTPS id 9E4971A0037
 for <tls@ietf.org>; Mon, 11 Aug 2014 10:27:02 -0700 (PDT)
Received: by mail-wg0-f47.google.com with SMTP id b13so8653355wgh.6
 for <tls@ietf.org>; Mon, 11 Aug 2014 10:27:01 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:mime-version:in-reply-to:references:from:date
 :message-id:subject:to:cc:content-type;
 bh=vsfDBdv3lN3NkOMznYJUzpdF+8nXBGGccNl1p0UCLHA=;
 b=Sy1YOo6m2c8YkkPyoiMDJSZSvLjUhzr1QIZzlDKE98pQt7k2ArNsaAVclPAqBEzx5A
 vK+89Tyk47eoZ0W+xtkefCXiMEh7yraQM8hfcANHktJPZgyd0TVJB0sz4/jNHyxFpjk9
 QxYsABMK1m0dapMVeB6WTRR+s5oH0cO5+/GzCbppXQFG0N7n3JakoHHZW7vknVTFi3t5
 uvIEgApu0iSeqZ7mCRny9p7cWMztw1o0Snz6Y0uGIoRRVeAzrSvod9YgukYfHSETAxat
 IMNcpn682Fn3ft8895gZXH69zFzlJRh4zN3u4jdc000jOUTs4Te/Sdzm1RiZ4fQlOol+
 CW0g==
X-Gm-Message-State: ALoCoQnlcQSCbIKn5Z/gP4A1UyoJILq641nxGEck06abiJLK7s0rN1418yUUesZDtHJPujnbqWcn
X-Received: by 10.180.186.3 with SMTP id fg3mr20754458wic.78.1407778021024;
 Mon, 11 Aug 2014 10:27:01 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.217.128.12 with HTTP; Mon, 11 Aug 2014 10:26:20 -0700 (PDT)
X-Originating-IP: [2620:101:80fc:232:6049:62d9:3779:ea46]
In-Reply-To: <CACsn0ck7KKcRYJfCeXJkKD_bp=j5X3EPyw6MNKb94ywK8sYUsA@mail.gmail.com>
References: <CABcZeBN_Pi+6Bythe98VaVL09afZzdM8rB8weEZUkzmpk5nmmA@mail.gmail.com>
 <CACsn0ck7KKcRYJfCeXJkKD_bp=j5X3EPyw6MNKb94ywK8sYUsA@mail.gmail.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Mon, 11 Aug 2014 10:26:20 -0700
Message-ID: <CABcZeBO4iLjJ3kibAK3SFCRgggN1Ca9JdCR_3i4ROXr+v64W9g@mail.gmail.com>
To: Watson Ladd <watsonbladd@gmail.com>
Content-Type: multipart/alternative; boundary=001a11c26aceddbe1105005ddc75
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/hsEvAGJ3cS-Z2J2A2T6oBOqjHT4
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] "Draft Version" extension
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working
 group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>,
 <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>,
 <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Aug 2014 17:27:04 -0000

--001a11c26aceddbe1105005ddc75
Content-Type: text/plain; charset=UTF-8

On Mon, Aug 11, 2014 at 10:15 AM, Watson Ladd <watsonbladd@gmail.com> wrote:

>
> On Aug 11, 2014 9:55 AM, "Eric Rescorla" <ekr@rtfm.com> wrote:
> >
> > Experience with HTTP 2 has shown that it's convenient to be able to
> > distinguish which draft version you're implementing so you don't end
> > worrying about interop between various I-D versions. Accordingly,
> > for TLS 1.3 I'd like to define a temporary extension that indicates which
> > TLS 1.3 draft it implements. The idea here is that the client would
> signal
> > TLS 1.3 and then "draft 3" and the server would only negotiate 1.3 if
> > it had a compatible draft. Otherwise it would fall back to TLS 1.2.
>
> How would the server negotiate v2 vs v3?
>

You negotiate TLS 1.2 versus TLS 1.3 via the usual mechanism, I.e., the
version
in the ClientHello.

-Ekr

--001a11c26aceddbe1105005ddc75
Content-Type: text/html; charset=UTF-8

<div dir="ltr"><br><div class="gmail_extra"><br><br><div class="gmail_quote">On Mon, Aug 11, 2014 at 10:15 AM, Watson Ladd <span dir="ltr">&lt;<a href="mailto:watsonbladd@gmail.com" target="_blank">watsonbladd@gmail.com</a>&gt;</span> wrote:<br>


<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><p dir="ltr"><br>
On Aug 11, 2014 9:55 AM, &quot;Eric Rescorla&quot; &lt;<a href="mailto:ekr@rtfm.com" target="_blank">ekr@rtfm.com</a>&gt; wrote:<br>
&gt;<br>
&gt; Experience with HTTP 2 has shown that it&#39;s convenient to be able to<br>
&gt; distinguish which draft version you&#39;re implementing so you don&#39;t end<br>
&gt; worrying about interop between various I-D versions. Accordingly,<br>
&gt; for TLS 1.3 I&#39;d like to define a temporary extension that indicates which<br>
&gt; TLS 1.3 draft it implements. The idea here is that the client would signal<br>
&gt; TLS 1.3 and then &quot;draft 3&quot; and the server would only negotiate 1.3 if<br>
&gt; it had a compatible draft. Otherwise it would fall back to TLS 1.2.</p>
</div><p dir="ltr">How would the server negotiate v2 vs v3?</p></blockquote><div><br></div><div>You negotiate TLS 1.2 versus TLS 1.3 via the usual mechanism, I.e., the version</div><div>in the ClientHello.</div><div><br>

</div><div>-Ekr</div><div><br></div></div></div></div>

--001a11c26aceddbe1105005ddc75--