- From: Christopher Allen <ChristopherA@consensus.com>
- Date: Wed, 11 Dec 1996 10:01:33 -0800
- To: Ned Smith <nsmith@ibeam.jf.intel.com>
- Cc: ietf-tls@w3.org

At 9:04 AM -0800 12/11/96, Ned Smith wrote:
>Will TLS vX.X continue to support SSLv2 messages? The move to TLS vX.X could
>be a vehicle to force migration away from v2.0. No?
>
>Will TLS make no assumptions about previous "non-IETF" protocols and not try
>to be backwards compatible with SSL2 or SSL3? (certainly there will be
>pushback if TLS is not backward compatible with SSL3.0)

There was some discussion on this after the TLS meeting during IETF San Jose. The Area Director emphatically encouraged us not to phase out 2.0 backwards compatibility with TLS. This of course means 3.0 backwards compatibility needs to be done ;-)

My personal belief is that 2.0 has some security issues, but as long as we can find ways to avoid roll-back attacks to SSL 2.0 and SSL 3.0 (and I guess technically PCT 1.0?), then I'm for compatibility. I would, however, like to see a statement someplace that this 2.0 backward compatibility is optional, and another statement that someday with some future version of TLS, SSL 2.0 compatibility will go away.

------------------------------------------------------------------------
..Christopher Allen                  Consensus Development Corporation..
..<ChristopherA@consensus.com>                 1563 Solano Avenue #355..
..                                             Berkeley, CA 94707-2116..
..Home of "SSL Plus:                      o510/559-1500  f510/559-1505..
..  SSL 3.0 Integration Suite(tm)"  <http://www.consensus.com/SSLPlus/>..

Received on Wednesday, 11 December 1996 13:02:14 UTC