[TLS] Fwd: New Version Notification for draft-reddy-tls-composite-mldsa-01.txt

2024-11-26 Thread tirumal reddy
The revised draft https://datatracker.ietf.org/doc/draft-reddy-tls-composite-mldsa/ addresses comments from Alicja and Illari. Further, comments and suggestions are welcome. -Tiru -- Forwarded message - From: Date: Tue, 26 Nov 2024 at 11:07 Subject: New Version Notification for d

[TLS] Re: Adoption call for TLS 1.2 Update for Long-term Support

2024-11-26 Thread Peter Gutmann
David A. Cooper writes: >what bugs would still remain that TLS-LTS fixes? This is another thing that's already answered in the draft, for example: In particular, this document takes inspiration from numerous published analyses of TLS [TLS-Analysis-1] [TLS-Analysis-2] [TLS-Analysi

[TLS] Re: Adoption call for TLS 1.2 Update for Long-term Support

2024-11-26 Thread Peter Gutmann
Watson Ladd writes: >with no formal analysis vs many, What is there to analyse? That's a serious question, there's a few very minor tweaks that address long-standing and well-known problem areas (which is why I've used the term "no-brainer" in the past), what would you actually analyse? Peter.

[TLS] Re: Adoption call for TLS 1.2 Update for Long-term Support

2024-11-26 Thread Watson Ladd
On Tue, Nov 26, 2024, 7:19 PM Peter Gutmann wrote: > Watson Ladd writes: > > >The draft isn't a minor change: it makes handshake and record layer > changes > >so everyone would need to install new software and suffer similar compat > >issues as with a 1.3 update. > > This has already been answer

[TLS] Re: Adoption call for TLS 1.2 Update for Long-term Support

2024-11-26 Thread Peter Gutmann
Watson Ladd writes: >The draft isn't a minor change: it makes handshake and record layer changes >so everyone would need to install new software and suffer similar compat >issues as with a 1.3 update. This has already been answered several times both in the draft and previously in the discussion

[TLS] Re: Adoption call for TLS 1.2 Update for Long-term Support

2024-11-26 Thread Muhammad Usama Sardar
On 26.11.24 18:06, Watson Ladd wrote: But it's starting from 0 years rather than 6 years, with no formal analysis vs many, with few to zero implementations vs considerable support. I share this concern. Therefore, I do not support adoption. I think nobody would like to formally verify the up

[TLS] Re: Adoption call for TLS 1.2 Update for Long-term Support

2024-11-26 Thread Yaron Sheffer
This guidance document already exists: https://datatracker.ietf.org/doc/html/rfc9325 Thanks, Yaron On 26/11/2024, 22:58, "David A. Cooper" wrote: For me, the question of TLS-LTS or TLS 1.3. If TLS-LTS is a bug fix, then what bugs does it fix that can not be fixed without defining a n

[TLS] Re: Adoption call for TLS 1.2 Update for Long-term Support

2024-11-26 Thread David A. Cooper
For me, the question of TLS-LTS or TLS 1.3. If TLS-LTS is a bug fix, then what bugs does it fix that can not be fixed without defining a new extension? If it were replaced with a guidance document that said clients and servers MUST only support cipher suites X, Y, and Z, MUST support encrypt-th

[TLS] Re: Adoption call for TLS 1.2 Update for Long-term Support

2024-11-26 Thread Sean Turner
> On Nov 26, 2024, at 12:39, Rob Sayre wrote: > > btw, the adoption call is supposed to end today It is indeed closing today. Just a reminder to keep this thread professional. spt

[TLS] Re: Adoption call for TLS 1.2 Update for Long-term Support

2024-11-26 Thread Rob Sayre
On Tue, Nov 26, 2024 at 9:06 AM Watson Ladd wrote: > > > On Tue, Nov 26, 2024, 11:13 AM Salz, Rich wrote: > >> Either you have new code and break compat or not. That's what really >> makes the planning hard IMHO. To the extent there is risk associated the >> widespread use of TLS 1.3 is a signif

[TLS] Re: Adoption call for TLS 1.2 Update for Long-term Support

2024-11-26 Thread Stephen Farrell
Hiya, Given that this spec requires changes, and assuming (I've not checked) that there aren't already lots of implementations/deployments after 8 years (since the -00), and that the edhoc protocol has been developed in the meantime (catering for part of the relevant niche), I am not in favour o

[TLS] Re: Adoption call for TLS 1.2 Update for Long-term Support

2024-11-26 Thread Watson Ladd
On Tue, Nov 26, 2024, 11:13 AM Salz, Rich wrote: > Either you have new code and break compat or not. That's what really makes > the planning hard IMHO. To the extent there is risk associated the > widespread use of TLS 1.3 is a significant mitigating factor for > undiscovered bugs rolling this ou

[TLS] Re: Adoption call for TLS 1.2 Update for Long-term Support

2024-11-26 Thread Salz, Rich
Either you have new code and break compat or not. That's what really makes the planning hard IMHO. To the extent there is risk associated the widespread use of TLS 1.3 is a significant mitigating factor for undiscovered bugs rolling this out won't have. Spoken by someone who has little experien

[TLS] Re: Adoption call for TLS 1.2 Update for Long-term Support

2024-11-26 Thread Watson Ladd
On Tue, Nov 26, 2024, 9:38 AM Salz, Rich wrote: > > The draft isn't a minor change: it makes handshake and record > > layer changes so everyone would need to install new software and > > suffer similar compat issues as with a 1.3 update. > > Compare a diff for this versus a 1.3 implementation. T

[TLS] Re: Adoption call for TLS 1.2 Update for Long-term Support

2024-11-26 Thread Salz, Rich
> The draft isn't a minor change: it makes handshake and record > layer changes so everyone would need to install new software and > suffer similar compat issues as with a 1.3 update. Compare a diff for this versus a 1.3 implementation. The latter is huge. Also, the former can be considered a

[TLS] Re: Adoption call for TLS 1.2 Update for Long-term Support

2024-11-26 Thread Alicja Kario
On Tuesday, 26 November 2024 03:51:20 CET, Watson Ladd wrote: On Mon, Nov 25, 2024, 8:47 PM Salz, Rich wrote: Could you explain why this way is better than changing to TLS 1.3? It is often the case that organizations will find it easy to make a fairly minor change rather than installing

[TLS] Re: Working Group Last Call for ECH SSLKEYLOG

2024-11-26 Thread Sean Turner
Just a reminder that this is still ongoing! spt > On Nov 15, 2024, at 19:17, Joseph Salowey wrote: > > This is the working group last call for SSLKEYLOGFILE Extension for Encrypted > Client Hello. Please review draft-ietf-tls-ech-keylogfile-01 [1] and reply to > this thread indicating if you