Re: What VERSION number is used for TLS?

It is my understanding that we have explicit guidance from the AD that TLS
should *not* break backwards compliance with SSL3 or SSL2.

I thought (but I can't quote you chapter and verse) that whatever the
number, it will be >3.0 and therefore the negotiation logic would cause it
to be preferred.

>X-Sender: nsmith@ibeam.intel.com
>Date: Wed, 11 Dec 1996 09:04:49 -0800
>To: Rodney Thayer <rodney@sabletech.com>
>From: Ned Smith <nsmith@ibeam.jf.intel.com>
>Subject: Re: What VERSION number is used for TLS?
>Cc: ietf-tls@w3.org
>
>The move to HMAC does change the bits on the wire (at least that was my
>interpretation of <draft-ietf-tls-ssl-mods-00.txt>).
>
>Whether the version number is 4.0 or 3.X is a minor issue in my mind. I'm
>more concerned about how version negotiation will be done. Will it work like
>3.0 where the most recent version is considered more secure? Such that if
>both sides support TLS vX.X then TLS is used. 
>
>Will TLS vX.X continue to support SSLv2 messages? The move to TLS vX.X could
>be a vehicle to force migration away from v2.0. No?
>
>Will TLS make no assumptions about previous "non-IETF" protocols and not try
>to be backwards compatible with SSL2 or SSL3? (certainly there will be
>pushback if TLS is not backward compatible with SSL3.0)
>
>Regards,
>Ned Smith
>nsmith@ibeam.intel.com
>At 07:30 AM 12/11/96 -0500, Rodney Thayer wrote:
>>-----BEGIN PGP SIGNED MESSAGE-----
>>
>>I think we need to decide what we number this thing.  I think this was and
>>will continue to be a point of confusion so I think it needs to be
>>resolved.  Here's how I think it should be resolved.  
>>
>>Right now, the document calls itself 1.0, and the protocol it specifies is
>>3.0.
>>
>>SSL also is called 3.0, if you look at the bits on the wire.
>>
>>We have rough consensus that the modifications we are making will be
>>'minor', but I believe at least one of them (the MAC change) will cause
>>this protocol to no longer exactly match "SSL 3.0".
>>
>>QUESTIONS:
>>
>>1. Am I correct the MAC changes will cause this to cease to match SSL 3.0
>>exactly?
>>
>>2. What do we call it?  I have a suggestion.  I suggest we make the label
>>of the document and the internal version match.  Furthermore, since we are
>>making a significant change to a field in the TLS Record Format
>>(TLSCiphertext MAC values will be calculated differently so an SSL 3.0 MAC
>>will not match, right?) I suggest it's not a 'minor' revision but rather a
>>'major' revision.  THEREFORE...
>>
>>I suggest we call both the SPEC and the PROTOCOL "TLS 4.0".
>>
>>Comments?  Corrections?
>>
>Ned Smith~~~~~~~~~~~~~~Intel Architecture Labs~~~~~~~~~~~~~~
>Ph: 503.264.2692 Fax: x1805  2111 N.E. 25th Ave.  Hillsboro, OR. 97124     
>Email: mailto:nsmith@ibeam.intel.com  or mailto:nsmith@bigfoot.com
>http://www.intel.com/ial/security
>~~~~~~~~~~~~~~~My opinions are my own etc. etc.~~~~~~~~~~~~
>
>
>

               Rodney Thayer <rodney@sabletech.com>       +1 617 332 7292
               Sable Technology Corp, 246 Walnut St., Newton MA 02160 USA
               Fax: +1 617 332 7970           http://www.shore.net/~sable
                           "Developers of communications software"

Received on Wednesday, 11 December 1996 18:48:53 UTC
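
The negotiation rule discussed in this thread, as an added example that is not part of the original messages or of any draft: the client offers its highest version in the ClientHello and the server answers with the highest version it supports that does not exceed the offer, as SSL 3.0 does. The version values 4.0 and 3.1, the helper names and the ClientHello bytes are constructed for illustration.

```python
import struct

SSL3 = (3, 0)  # (major, minor) as carried on the wire

class NegotiationError(Exception):
    pass

def build_client_hello(version):
    """Constructed minimal ClientHello: empty session id, one suite, null compression."""
    body = bytes(version) + bytes(32) + b"\x00" + b"\x00\x02\x00\x0a" + b"\x01\x00"
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    # Record header: type 22 (handshake), record version, fragment length.
    return b"\x16" + bytes(SSL3) + struct.pack(">H", len(handshake)) + handshake

def client_version(record):
    """Return the client_version field of a ClientHello record as (major, minor)."""
    if len(record) < 11:
        raise NegotiationError("truncated record")
    (frag_len,) = struct.unpack(">H", record[3:5])
    if record[0] != 0x16 or record[5] != 0x01 or frag_len != len(record) - 5:
        raise NegotiationError("not a well-formed ClientHello record")
    return (record[9], record[10])

def negotiate(record, server_versions):
    """Pick the highest server-supported version not above the client's offer."""
    offered = client_version(record)
    usable = [v for v in server_versions if v <= offered]
    if not usable:
        raise NegotiationError("no common version for offer %d.%d" % offered)
    return max(usable)

if __name__ == "__main__":
    new, old = [SSL3, (4, 0)], [SSL3]
    for offer, server in [((4, 0), new), ((4, 0), old), ((3, 0), new)]:
        print(offer, "->", negotiate(build_client_hello(offer), server))
```

Any number above 3.0 wins when both peers support it, and a peer that only knows 3.0 still gets 3.0. The ClientHello travels in the clear, so the selected version is only trustworthy once the Finished messages have authenticated the handshake.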