Why isn't TLS just called SSL v 4.0?

I believe this is mostly due to the fact that SSL was never a considered an internet standard.

This quote is from the SSL 3.0 RFC.

Although the SSL 3.0 protocol is a widely implemented protocol, a pioneer in secure communications protocols, and the basis for Transport Layer Security (TLS), it was never formally published by the IETF, except in several expired Internet-Drafts. This allowed no easy referencing to the protocol.

When TLS was accepted as an internet standard, the people in charge probably wanted a new term to distinguish it from the older, "non-standard" SSL protocol.


Tim Dierks gave the real answer: “As a part of the horsetrading, we had to make some changes to SSL 3.0 (so it wouldn't look the IETF was just rubberstamping Netscape's protocol), and we had to rename the protocol (for the same reason). And thus was born TLS 1.0 (which was really SSL 3.1). And of course, now, in retrospect, the whole thing looks silly.”

http://tim.dierks.org/2014/05/security-standards-and-name-changes-in.html?m=1

Tags:

Tls