Why isn't TLS just called SSL v 4.0?

I believe this is mostly due to the fact that SSL was never a considered an internet standard.

This quote is from the SSL 3.0 RFC.

Although the SSL 3.0 protocol is a widely implemented protocol, a pioneer in secure communications protocols, and the basis for Transport Layer Security (TLS), it was never formally published by the IETF, except in several expired Internet-Drafts. This allowed no easy referencing to the protocol.

When TLS was accepted as an internet standard, the people in charge probably wanted a new term to distinguish it from the older, "non-standard" SSL protocol.


Tim Dierks gave the real answer: “As a part of the horsetrading, we had to make some changes to SSL 3.0 (so it wouldn't look the IETF was just rubberstamping Netscape's protocol), and we had to rename the protocol (for the same reason). And thus was born TLS 1.0 (which was really SSL 3.1). And of course, now, in retrospect, the whole thing looks silly.”

http://tim.dierks.org/2014/05/security-standards-and-name-changes-in.html?m=1

Tags:

Tls

Related

Is there any way to tell if CCTV is on or not? How secure is the Windows 8 included Anti Virus known as Windows Defender? Are there any customizable vulnerability notification services? Does CSRF work when the target site is not open on a tab? Is it possible to pass TCP handshake with spoofed IP address? Why is blog spam always written so badly? Is the fact that Tor's development is largely government funded cause for concern? Why is the Samy Worm considered XSS? Using Private Browsing mode while connected to organization's network How likely/possible is it that the NSA have broken common encryption techniques such as SSL/TLS? What are the security implications of using TOTP for single factor authentication? What is the difference between Promiscuous and Monitor Mode in Wireless Networks?

Recent Posts