Re: What VERSION number is used for TLS?

The move to HMAC does change the bits on the wire (at least that was my
interpretation of <draft-ietf-tls-ssl-mods-00.txt>).

Whether the version number is 4.0 or 3.X is a minor issue in my mind. I'm
more concerned about how version negotiation will be done. Will it work like
3.0 where the most recent version is considered more secure? Such that if
both sides support TLS vX.X then TLS is used. 

Will TLS vX.X continue to support SSLv2 messages? The move to TLS vX.X could
be a vehicle to force migration away from v2.0. No?

Will TLS make no assumptions about previous "non-IETF" protocols and not try
to be backwards compatible with SSL2 or SSL3? (certainly there will be
pushback if TLS is not backward compatible with SSL3.0)

Regards,
Ned Smith
nsmith@ibeam.intel.com
At 07:30 AM 12/11/96 -0500, Rodney Thayer wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>I think we need to decide what we number this thing.  I think this was and
>will continue to be a point of confusion so I think it needs to be
>resolved.  Here's how I think it should be resolved.  
>
>Right now, the document calls itself 1.0, and the protocol it specifies is
>3.0.
>
>SSL also is called 3.0, if you look at the bits on the wire.
>
>We have rough consensus that the modifications we are making will be
>'minor', but I believe at least one of them (the MAC change) will cause
>this protocol to no longer exactly match "SSL 3.0".
>
>QUESTIONS:
>
>1. Am I correct the MAC changes will cause this to cease to match SSL 3.0
>exactly?
>
>2. What do we call it?  I have a suggestion.  I suggest we make the label
>of the document and the internal version match.  Furthermore, since we are
>making a significant change to a field in the TLS Record Format
>(TLSCiphertext MAC values will be calculated differently so an SSL 3.0 MAC
>will not match, right?) I suggest it's not a 'minor' revision but rather a
>'major' revision.  THEREFORE...
>
>I suggest we call both the SPEC and the PROTOCOL "TLS 4.0".
>
>Comments?  Corrections?
>
Ned Smith~~~~~~~~~~~~~~Intel Architecture Labs~~~~~~~~~~~~~~
Ph: 503.264.2692 Fax: x1805  2111 N.E. 25th Ave.  Hillsboro, OR. 97124     
Email: mailto:nsmith@ibeam.intel.com  or mailto:nsmith@bigfoot.com
http://www.intel.com/ial/security
~~~~~~~~~~~~~~~My opinions are my own etc. etc.~~~~~~~~~~~~

Received on Wednesday, 11 December 1996 12:02:16 UTC