(trimming things a bit)

> On Apr 10, 2025, at 2:41 PM, Jared Mauch <ja...@puck.nether.net> wrote:
>
> On Tue, Apr 08, 2025 at 11:23:44AM -0700, Eric Rescorla wrote:
>> As Alan observes, we are talking about levies on new protocols, not
>> existing protocols. These should be deployed with TLS 1.3 for the reasons
>> indicated in this draft.
>
> I'm sorry, that just isn't the case no matter how much you wish
> it would be.

Please then answer the following questions:

* do we want one already non-compliant use-case to set the bar for security?

* do we want to avoid mandating TLS 1.3 for every other use-case?

* when will we be able to mandate TLS 1.3?

The argument for mandating TLS 1.3 explicitly acknowledges the "I don't want TLS 1.3" use-case. It also gives reasons why the mandate is believed to be acceptable for that use-case.

The argument against mandating TLS 1.3 is essentially "I can't use TLS 1.3 for my use-case". What is missing from that argument is the acknowledgment that this request also changes other use-cases.

I would like to see a stronger argument as to why not mandating TLS 1.3 everywhere _else_ is fine. And if that's true, what is the plan for mandating TLS 1.3, and when we will put that plan into effect.

If those other issues can't be addressed, then by the same token, there's no need to address the "don't mandate TLS 1.3" argument.

Alan DeKok.

_______________________________________________
Anima mailing list -- anima@ietf.org
To unsubscribe send an email to anima-le...@ietf.org