Re: What VERSION number is used for TLS?

At 9:04 AM -0800 12/11/96, Ned Smith wrote:
>Will TLS vX.X continue to support SSLv2 messages? The move to TLS vX.X could
>be a vehicle to force migration away from v2.0. No?
>Will TLS make no assumptions about previous "non-IETF" protocols and not try
>to be backwards compatible with SSL2 or SSL3? (certainly there will be
>pushback if TLS is not backward compatible with SSL3.0)

There was some discussion on this after TLS meeting during IETF San Jose.
The Area Director emphatically encouraged us not to phase out 2.0 backwards
compatibility with TLS. This of course means 3.0 backwards compatiblity
needs to be done ;-)

My personal belief is that 2.0 has some security issues, but as long as can
find ways to avoid roll-back attacks to SSL 2.0 and SSL 3.0 (and I guess
technically PCT 1.0?), then I'm for compatibility.

I do however, would like to see a statement someplace that this 2.0
backward compatibility is optional, and another statement that someday with
some future version of TLS, SSL 2.0 compatibility will go away.

..Christopher Allen                  Consensus Development Corporation..
..<>                 1563 Solano Avenue #355..
..                                             Berkeley, CA 94707-2116..
..Home of "SSL Plus:                      o510/559-1500  f510/559-1505..
..  SSL 3.0 Integration Suite(tm)" <>..

Received on Wednesday, 11 December 1996 13:02:14 UTC