[TLS] Ketan Talaulikar's No Objection on draft-ietf-tls-tls12-frozen-07: (with COMMENT)

2025-03-30 Thread Ketan Talaulikar via Datatracker
Ketan Talaulikar has entered the following ballot position for
draft-ietf-tls-tls12-frozen-07: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to 
https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ 
for more information about how to handle DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-tls-tls12-frozen/



--
COMMENT:
--

Thanks for this document. A couple of comments (that I found ambiguous) for
consideration of the authors and the responsible AD.

1) Section 1

"This document specifies that outside of urgent security fixes, and the
exceptions listed in Section 4, no changes will be approved for TLS 1.2."

Following the conversations, it seems like the goal is for IETF to not adopt or
approve work related to TLS 1.2 except some (exceptional) cases of security
issues that are agreed upon in the TLS WG. If so, text along those lines would
help clear ambiguities.

2) Section 2

"Put bluntly, post-quantum cryptography for TLS 1.2 WILL NOT be supported (see
Section 4) at any time and anyone wishing to deploy post-quantum cryptography
should expect to be using TLS 1.3."

The use of uppercase BCP14-like language tripped me as well. I believe the
intention here is again that this work not be undertaken in the IETF (i.e.,
enhancements related to PQC MUST NOT be specified by IETF?).

Is there something to be added in the IANA considerations with regards to
guidance to DEs to follow the guidelines in this document and not make
allocations for TLS 1.2 extensions that may come from outside the IETF
standards track?

Finally a question, unrelated to this document, does the TLS WG charter need an
update to capture some of this decision/direction?



___
TLS mailing list -- tls@ietf.org
To unsubscribe send an email to tls-le...@ietf.org


[TLS] Re: The TLS-LTS Saga

2025-03-30 Thread Independent Submissions Editor (Eliot Lear)
RFC 4846 states that you may ask the IAB to review the ISE's decision.  
If they choose to do so (they don't have to), they may advise the ISE to 
reconsider.  You are welcome to use this route.  If the IAB does advise 
me to reconsider, I certainly will do so.  I have made mistakes before.


Eliot


On 30.03.2025 12:51, Peter Gutmann wrote:

> Salz, Rich writes:
>
>> This isn't right.
>>
>> We held up on advancing the frozen draft until we thought TLS-LTS was through
>> the ISE process.
>
> I pointed this out to the ISE editor but he just ignored it and blocked
> publication anyway.
>
> What's the appeal/review mechanism for getting this misuse of the IETF process
> corrected?
>
> Peter.


[TLS] Re: The TLS-LTS Saga

2025-03-30 Thread Peter Gutmann
Salz, Rich  writes:

>This isn't right.
>
>We held up on advancing the frozen draft until we thought TLS-LTS was through
>the ISE process.

I pointed this out to the ISE editor but he just ignored it and blocked
publication anyway.

What's the appeal/review mechanism for getting this misuse of the IETF process
corrected?

Peter.



[TLS] Re: Ketan Talaulikar's No Objection on draft-ietf-tls-tls12-frozen-07: (with COMMENT)

2025-03-30 Thread Salz, Rich
Thank you for the review.


> 1) Section 1
>
> "This document specifies that outside of urgent security fixes, and the
> exceptions listed in Section 4, no changes will be approved for TLS 1.2."
>
> Following the conversations, it seems like the goal is for IETF to not adopt or
> approve work related to TLS 1.2 except some (exceptional) cases of security
> issues that are agreed upon in the TLS WG. If so, text along those lines would
> help clear ambiguities.

What do you think is ambiguous?  “no changes will be approved”?  By whom? Does
changing the last phrase to be “the IETF will not approve any changes for TLS
1.2” clarify the ambiguity?

> 2) Section 2
>
> "Put bluntly, post-quantum cryptography for TLS 1.2 WILL NOT be supported (see
> Section 4) at any time and anyone wishing to deploy post-quantum cryptography
> should expect to be using TLS 1.3."
>
> The use of uppercase BCP14-like language tripped me as well. I believe the
> intention here is again that this work not be undertaken in the IETF (i.e.,
> enhancements related to PQC MUST NOT be specified by IETF?).

Well, this is a STD document so the UPPERCASE is okay.  Same question as above,
please explain what you see as the ambiguity.  (This is a standards-track
document, so presumably it’s binding on the IETF)

> Is there something to be added in the IANA considerations with regards to
> guidance to DEs to follow the guidelines in this document and not make
> allocations for TLS 1.2 extensions that may come from outside the IETF
> standards track?

I believe the IANA considerations section is quite clear: DO NOT ADD anything
for 1.2. The wording there was worked out with IANA folks.

> Finally a question, unrelated to this document, does the TLS WG charter need an
> update to capture some of this decision/direction?

I do not know.



[TLS] Weekly github digest (TLS Working Group Drafts)

2025-03-30 Thread Repository Activity Summary Bot




Issues
--
* tlswg/rfc8447bis (+0/-2/💬0)
 2 issues closed:
 - Address SecDir review comments https://github.com/tlswg/rfc8447bis/issues/69 


* tlswg/tls12-frozen (+0/-2/💬2)
 2 issues received 2 new comments:
 - #9 Ref: 8446->844bis (1 by richsalz)
   https://github.com/tlswg/tls12-frozen/issues/9 
 - #8 Nits complaint: No Security Considerations Section (1 by richsalz)
   https://github.com/tlswg/tls12-frozen/issues/8 


 2 issues closed:
 - Ref: 8446->844bis https://github.com/tlswg/tls12-frozen/issues/9 
 - Nits complaint: No Security Considerations Section https://github.com/tlswg/tls12-frozen/issues/8 




Pull requests
-
* tlswg/rfc8447bis (+0/-1/💬0)
 1 pull requests merged:
 - Address SecDir comments
   https://github.com/tlswg/rfc8447bis/pull/73 


* tlswg/tls12-frozen (+1/-1/💬0)
 1 pull requests submitted:
 - It is about TLS registries (by boucadair)
   https://github.com/tlswg/tls12-frozen/pull/12 


 1 pull requests merged:
 - It is about TLS registries
   https://github.com/tlswg/tls12-frozen/pull/12 



Repositories tracked by this digest:
---
* https://github.com/tlswg/certificate-compression
* https://github.com/tlswg/dnssec-chain-extension
* https://github.com/tlswg/draft-deprecate-obsolete-kex
* https://github.com/tlswg/draft-ietf-tls-cert-abridge
* https://github.com/tlswg/draft-ietf-tls-ctls
* https://github.com/tlswg/draft-ietf-tls-ecdhe-psk-aead
* https://github.com/tlswg/draft-ietf-tls-ech-keylogfile
* https://github.com/tlswg/draft-ietf-tls-esni
* https://github.com/tlswg/draft-ietf-tls-external-psk-importer
* https://github.com/tlswg/draft-ietf-tls-grease
* https://github.com/tlswg/draft-ietf-tls-iana-registry-updates
* https://github.com/tlswg/draft-ietf-tls-md5-sha1-deprecate
* https://github.com/tlswg/draft-ietf-tls-semistatic-dh
* https://github.com/tlswg/draft-ietf-tls-svcb-ech
* https://github.com/tlswg/draft-ietf-tls-ticketrequest
* https://github.com/tlswg/draft-ietf-tls-tls13-vectors
* https://github.com/tlswg/dtls-conn-id
* https://github.com/tlswg/dtls-rrc
* https://github.com/tlswg/dtls13-spec
* https://github.com/tlswg/oldversions-deprecate
* https://github.com/tlswg/rfc4492bis
* https://github.com/tlswg/rfc8447bis
* https://github.com/tlswg/rfc8773bis
* https://github.com/tlswg/sniencryption
* https://github.com/tlswg/sslkeylogfile
* https://github.com/tlswg/sslv3-diediedie
* https://github.com/tlswg/super-jumbo-record-limit
* https://github.com/tlswg/tls13-spec
* https://github.com/tlswg/tls-exported-authenticator
* https://github.com/tlswg/tls-flags
* https://github.com/tlswg/tls-key-share-prediction
* https://github.com/tlswg/tls-key-update
* https://github.com/tlswg/tls-record-limit
* https://github.com/tlswg/tls-subcerts
* https://github.com/tlswg/tls12-frozen
* https://github.com/tlswg/tls13-pkcs1
* https://github.com/tlswg/tls13-rfc


--
To have a summary like this sent to your list, see: 
https://github.com/ietf-github-services/activity-summary