[TLS] Re: Fwd: New Version Notification for draft-reddy-tls-composite-mldsa-00.txt
On Fri, 22 Nov 2024 at 20:39, Ilari Liusvaara wrote:

> On Fri, Nov 22, 2024 at 07:34:18PM +0530, tirumal reddy wrote:
> > Thank you, Alicja, for the review. I agree with all your comments and have
> > raised a PR https://github.com/tireddy2/composite-mldsa/pull/1 to address
> > them.
>
> I think it would be better to have a footnote for the two
> SignatureScheme values that are not allowed in signature_algorithms than
> adding a whole new column. The TLS ExtensionType Values already has such
> footnote for non-standard behavior in where the ech_outer_extensions
> extension can appear.

Sure, added a footnote.

> However, I do not think it is clear if client is allowed to send the
> values in signature_algorithms or not. And if not, how is the server to
> handle the values appearing anyway? And the values are definitely not
> allowed to appear in CertificateVerify, but this is not stated.

Thanks, updated draft to provide clarification.

-Tiru

> As reference, TLS 1.3 does allow PKCS#1 v1.5 signatures in
> signature_algorithms, but not in CertificateVerify. And there are no
> notes in the registry about that.
>
> -Ilari

___
TLS mailing list -- tls@ietf.org
To unsubscribe send an email to tls-le...@ietf.org
[TLS] Re: Adoption call for TLS 1.2 Update for Long-term Support
Andrew Campling writes:

>it should be possible to communicate clearly to implementers and others the
>relative positions of TLS 1.2, TLS-LTS and TLS 1.3 with reference RFC 9325
>and any other relevant documents etc.

On 11/25/24, 6:47 AM, "Peter Gutmann" wrote:

> Makes sense, I'd have no problems doing that, although as mentioned for RFC
> 9325 I'd prefer to reference it as "further advice" to avoid confusion over
> the fact that a lot of it covers things that don't exist in -LTS. I'm open to
> suggestions on how to handle this, maybe it's nothing to be concerned about.

I'd be willing to provide some rough/initial text if it would help this get adopted.
[TLS] Re: Adoption call for TLS 1.2 Update for Long-term Support
Andrew Campling writes:

>it should be possible to communicate clearly to implementers and others the
>relative positions of TLS 1.2, TLS-LTS and TLS 1.3 with reference RFC 9325
>and any other relevant documents etc.

Makes sense, I'd have no problems doing that, although as mentioned for RFC 9325 I'd prefer to reference it as "further advice" to avoid confusion over the fact that a lot of it covers things that don't exist in -LTS. I'm open to suggestions on how to handle this, maybe it's nothing to be concerned about.

Peter.
[TLS] Re: Adoption call for TLS 1.2 Update for Long-term Support
On Mon, Nov 25, 2024, 8:47 PM Salz, Rich wrote:

> >- Could you explain why this way is better than changing to TLS 1.3?
>
> It is often the case that organizations will find it easy to make a fairly
> minor change rather than installing a whole new version. You’ve never seen
> this?

The draft isn't a minor change: it makes handshake and record layer changes so everyone would need to install new software and suffer similar compat issues as with a 1.3 update.
[TLS] Re: Adoption call for TLS 1.2 Update for Long-term Support
I don't know. Could you explain why this way is better than changing to TLS 1.3?

thanks,
Rob

On Mon, Nov 25, 2024 at 5:38 PM Peter Gutmann wrote:

> Salz, Rich writes:
>
> >I'd be willing to provide some rough/initial text if it would help this
> >get adopted.
>
> Sure, any input is welcome.
>
> Peter.
[TLS] Re: Adoption call for TLS 1.2 Update for Long-term Support
* Could you explain why this way is better than changing to TLS 1.3?

It is often the case that organizations will find it easy to make a fairly minor change rather than installing a whole new version. You’ve never seen this?
[TLS] Re: Adoption call for TLS 1.2 Update for Long-term Support
Salz, Rich writes:

>I'd be willing to provide some rough/initial text if it would help this get
>adopted.

Sure, any input is welcome.

Peter.