Why do we still use the terms SSL and HTTPS?

Huge effort. Little technical return.

Introducing a new scheme (schemes are e.g. http://, https://, ftp://, etc.) and deploying it would mean breaking backwards compatibility. Not worth it.

Political rather than technical
Ivan Ristic devotes some sentences in the introduction to his book to this.

The book is called Bulletproof SSL and TLS. You've got both the "SSL" and "TLS" right in the title. (Go figure.)

The introductory chapter is free online. The naming controversy is mentioned in section "SSL versus TLS" (page xix) and section "Protocol History" (page 3).

It seems the whole reason for renaming from SSL to TLS was political rather than technical. Ristic's footnotes link to the blog of Tim Dierks. Dierks wrote the SSL 3.0 reference implementation in 1996 and this is his take on the naming:

  • Tim Dierks, 2014-05-23, Security Standards and Name Changes in the Browser Wars (archived here):

    As a part of the horsetrading, we had to make some changes to SSL 3.0 (so it wouldn't look [like] the IETF was just rubberstamping Netscape's protocol), and we had to rename the protocol (for the same reason). And thus was born TLS 1.0 (which was really SSL 3.1). And of course, now, in retrospect, the whole thing looks silly.

Further reading

  • Here's another take on the naming. It's by Mike McCana (who operates a CA himself):
    Mike McCana, CertSimple.com blog, 2016-01-05, Why do we still say SSL? (Archived here.)

Why don't we say HTTPT (HTTP over TLS) and use the scheme httpt://?

Because it would be a waste of time and money to change everything without effectively gaining anything?


Mostly tradition. People have been using "SSL" to refer to encrypted communications for so long that even though the protocols called SSL have all been replaced, the name has stuck around.

As for why we don't call it HTTPT, a big part of the reason is that Cool URLs Don't Change. A huge number of links in existing Web pages would break, and many of them would likely never be updated. As depressing as it can sound, we cannot count on users to understand how to convert these into HTTPT links, even though it might mean changing only one character.

Besides, Berkeley Breathed and the authors of ack might get mad.

Tags:

Tls

Recent Posts