Re: [TLS] Fixing TLS

Eric Rescorla <> Tue, 12 January 2016 20:18 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id B2C061A8863 for <>; Tue, 12 Jan 2016 12:18:52 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.277
X-Spam-Status: No, score=-1.277 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001] autolearn=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id fUs8uh_F0bQr for <>; Tue, 12 Jan 2016 12:18:51 -0800 (PST)
Received: from ( [IPv6:2607:f8b0:4002:c07::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 7F7A51A885F for <>; Tue, 12 Jan 2016 12:18:51 -0800 (PST)
Received: by with SMTP id a85so386941500ykb.1 for <>; Tue, 12 Jan 2016 12:18:51 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=nqy/9cDnRexl2MOMN9JispGoPGLRu4MyPkpcnh8g8PY=; b=LiVego6fnxFukcOKbGPV1whBKFG8cL3uiAd6p5n6TqjBm8xPWotJRrcIZqmrAw4a1P T4/KIQsiUELOB3wpgZN6xjJKXdQT1Y/AynjKzSn4pDk34QLNez1JlwIuPFhMlyi3u4um vqIgyEZFgegSj6PrvcPcEr2bqA0AUUxZYtiKQgLIpGSBCEyjOLzwk8EiEdYmpAy3MKew N4rxhMyf33/cDs06Cdqcb6zuOv1sI/tDMGDs0xXBvHTCVYSYvpJ7sb53Uo4K9Mx+stRk xSlhmNBCdxdV+yk36szuHvREHhoXCjqxbsaC0Y/hJFsAjpKk5Fmo0PaZfJwCts5Qo3u/ h7Cw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=nqy/9cDnRexl2MOMN9JispGoPGLRu4MyPkpcnh8g8PY=; b=XoSK1y5vP6rS0CmCdUx1a3ZBD7jWRCNwW3VF/ylxQCecVMqFFQEFcBDyhWuUVNXzTa S3/XHgNtBCD3ilKUVLAdr6uu1ltLYZvrt3Cn0i5vZ9/fimjogvEpg737Z/wlo6TMfsfS OL3VBRAyedBMwCrah6sEfKCLIFqGjLvWP73SkMqnJkALmp2fJ6p446RV9kHIgCgv55Qm TCeAuGSn0Ff+vN8c1myWhrjTep6838aMvHlVck1nVF/M/zbqytX/+ZopJjmLYJyumzJm z7jHv4Xx/HdPSMgcQDhCBjGw9lNJvAh8p30E1C6Iffbo228aAzihT7yCTdA6VmLc9Kt2 LjqQ==
X-Gm-Message-State: ALoCoQkTtNTE7KIjVG9VYqrImSRDdP6KfGqzDZCGsxNsxqyJ34tJQdkDi+r4p657ISir1IdmVmum+8jrEZpjF7BVuBUZ1pkS9A==
X-Received: by with SMTP id c189mr107401853ywe.165.1452629930808; Tue, 12 Jan 2016 12:18:50 -0800 (PST)
MIME-Version: 1.0
Received: by with HTTP; Tue, 12 Jan 2016 12:18:11 -0800 (PST)
In-Reply-To: <>
References: <> <> <> <> <>
From: Eric Rescorla <>
Date: Tue, 12 Jan 2016 12:18:11 -0800
Message-ID: <>
To: Bill Cox <>
Content-Type: multipart/alternative; boundary=94eb2c08192a0444a0052928c30a
Archived-At: <>
Cc: "" <>
Subject: Re: [TLS] Fixing TLS
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 12 Jan 2016 20:18:52 -0000

On Tue, Jan 12, 2016 at 12:12 PM, Bill Cox <> wrote:

> On Tue, Jan 12, 2016 at 11:39 AM, Dave Garrett <>
> wrote:
>> On Tuesday, January 12, 2016 02:27:02 pm Bill Cox wrote:
>> Personally, I hope this new version of TLS, save for possibly some minor
>> update & extensions, is the final version. I hope that Google's efforts to
>> get QUIC as-is specced out go quickly and smoothly, and that it can be used
>> as a basis to develop an official total TCP/TLS replacement. (the early
>> documentation for QUIC was horrible, but the current work is vastly
>> improved) As far as I'm concerned, TLS 1.3 is a transitional measure which
>> should only be used in the medium-term by those who adopt new tech very
>> slowly, and in the long-term phased out entirely. It is a very important
>> transitional measure that needs to be done with as high a security and
>> performance as possible, but a finite one nonetheless. (well, arguably,
>> pretty much everything is, given a long enough timeframe ;) We have to get
>> through the short-term to get to the long-term, though.
>> Dave
> I wish that were the plan (to upgrade QUIC crypto and eventually make that
> the new crypto platform).  If I am not mistaken, QUICK crypto is going to
> be archived, TLS 1.3 will replace the crypto code, and QUIC will remain the
> transport layer.

This is my understanding as well, based both onconversations with the QUIC
folks, and Adam and Jana's public presentations. A number of us (MT, I,
Jana, Ian, AGL, Christian) have already started some initial conversations
at how to do that.

With that said, I don't think there's a plausible story in which QUIC
becomes the only
transport protocol in the world any time soon, so I don't think standalone
TLS 1.3
is going away.