pull down to refresh

This short article explains why SSL 3.1 was renamed to TLS:
May 23, 2014 Security Standards and Name Changes in the Browser Wars
The Netscape/Microsoft browser wars in the mid-90's were really vicious and competitive. They really had it out for each other.
Netscape had developed the SSL protocol. The initial version had cryptographic flaws and was broken pretty quickly, and never released. The first production version was SSL 2, which was in use for a few years. (I don't know the exact versions of Navigator it shipped in.)
SSL 2 had some flaws, both cryptographic and practical; not dramatic enough to make replacing it a crisis, but it clearly needed some work from early on.
As a part of the cutthroat competition, Microsoft decided to revise the SSL 2 protocol with some additions of their own, and specified a protocol called "PCT" that was derived from SSL 2. It was only supported in IE and IIS.
Netscape also wanted to address SSL 2 issues, but wasn't going to let Microsoft take leadership/ownership in the standard, so they developed SSL 3.0, which was a more significant departure.
Various people in the industry & community didn't want a fork, so we (Consensus Development, where I worked with Christopher Allen at the time, and where I had written the SSL 3.0 reference implementation under contract to Netscape) hosted a meeting between representatives from Netscape and Microsoft; I forget everyone who was there, but I recall that Bruce Schneier was there (before he was famous), and probably Paul Kocher, who had designed the SSL 3 protocol; Barbara Fox represented Microsoft. And we negotiated a deal where Microsoft and Netscape would both support the IETF taking over the protocol and standardizing it in an open process, which led to me editing the RFC.
As a part of the horsetrading, we had to make some changes to SSL 3.0 (so it wouldn't look the IETF was just rubberstamping Netscape's protocol), and we had to rename the protocol (for the same reason). And thus was born TLS 1.0 (which was really SSL 3.1). And of course, now, in retrospect, the whole thing looks silly.
I found the link to this here.
It's pretty cool to see that people had to fight for things we now take for granted in the past. There is only one internet, not many incompatible forks.
But it's also terrifying because maybe we'll have similar fights for bitcoin, lightning or nostr and we don't know yet in what timeline we're going to end up.
It's good to see that certain battles often work out for the benefit of the users.
From what I've seen, it was the same with Bitcoin in the first war and I hope it continues to be the same in the future.
reply