Re: SSL/TLS instead of SSL in docs - Mailing list pgsql-hackers

From Euler Taveira
Subject Re: SSL/TLS instead of SSL in docs
Date
Msg-id cdc18e3b-f664-4727-8410-a5b9df482a15@www.fastmail.com
In response to Re: SSL/TLS instead of SSL in docs  (Daniel Gustafsson <daniel@yesql.se>)
List pgsql-hackers
On Wed, Jun 30, 2021, at 5:46 PM, Daniel Gustafsson wrote:
> On 30 Jun 2021, at 20:20, Peter Eisentraut <peter.eisentraut@enterprisedb.com> wrote:

> I am not in favor of this direction.  I think it just adds tediousness and doesn't really help anyone.  If we are worried about correct terminology, then we should just change everything to TLS.

I actually think SSL/TLS has won the debate of "correct terminology" for
describing a secure connection encrypted by a TLS protocol.

TLS is described as a successor of SSL. However, the terminology SSL is still
popular when you are talking about a secure connection over a computer network.
It seems that's one of the main reasons articles/documentation use SSL/TLS.

The primary use of SSL/TLS is to secure WWW connections over the HTTP protocol. A
recent survey reveals that SSL is supported by less than 4% of the websites in
the world [1]. SSL 3.0 (the latest published protocol version) has been deprecated
since 2015 (6 years ago) [2]. There is no web browser that has SSL enabled by
default (indeed, most of them don't support SSL anymore).

I tend to agree with Peter that the correct terminology is TLS. However, SSL is
still popular (probably because popular SSL/TLS libraries contain SSL in their
names). If we change to SSL/TLS, I'm afraid we will have this discussion again to
(a) remove SSL or (b) add another popular secure protocol, and we end up with
SSL/TLS/FOO terminology.

Commit fe61df7f introduces a new configure option, --with-ssl. Such an
option is used in other software too. All configuration parameters
related to SSL/TLS start with ssl. It is hard to decide among popular (SSL),
correct (TLS), and mixed (SSL/TLS).

If I have to pick one, it would be SSL/TLS. It mentions both acronyms, which is
easier to correlate with configuration parameters, secure connections (via
--with-ssl) and current protocol (TLS).

Your patch doesn't apply anymore and requires a rebase. I'm attaching a new
version. It looks good to me. I noticed that you are using
<acronym>SSL/TLS</acronym>; however, the acronyms are declared separately. It
doesn't seem to be a presentation issue per se but I'm asking just in case.




--
Euler Taveira
