> ID Nits has two complaints. The second should be fixed before I pass it to
> Paul (our AD) for review:
I merged your two PR's to fix the minor things.
As for this one: "There is no security considerations section" I cannot believe
that we made it through WGLC in the TLS group and nobody notic
I also suggest updating the ref to 8446bis since this document is pinned on
8447bis:
Issue: https://github.com/tlswg/tls12-frozen/issues/9
PR: https://github.com/tlswg/tls12-frozen/pull/10
spt
> On Dec 19, 2024, at 20:57, Sean Turner wrote:
>
> ID Nits has two complaints. The second should be
ID Nits has two complaints. The second should be fixed before I pass it to Paul
(our AD) for review:
- Section 2 (2119 language) when it is not used. You can drop that paragraph
entirely:
Issue: https://github.com/tlswg/tls12-frozen/issues/6
PR: https://github.com/tlswg/tls12-frozen/pull/7
- N
On 12/19/24, 2:09 PM, "Sean Turner" mailto:s...@sn3rd.com>>
wrote:
> Hi! This WG last call has closed. I see that Rich has proposed some edits
> that haven’t yet made it into the I-D. I will change the status to "Waiting
> for WG Chair Go-Ahead: Revised ID Needed - Issue Raised by WG”.
Well
Hi! This WG last call has closed. I see that Rich has proposed some edits that
haven’t yet made it into the I-D. I will change the status to "Waiting for WG
Chair Go-Ahead: Revised ID Needed - Issue Raised by WG”.
spt
> On Dec 3, 2024, at 16:26, Sean Turner wrote:
>
> This is the working gro
Hi! Just a reminder that this WG last call closes tomorrow.
spt
> On Dec 3, 2024, at 16:26, Sean Turner wrote:
>
> This is the working group last call for TLS 1.2 is in Feature Freeze. Please
> review draft-ietf-tls-tls12-frozen [1] and reply to this thread indicating if
> you think it is rea
On 10.12.24 17:47, Salz, Rich wrote:
How about this:
For TLS it is important to note that the focus of these efforts is
exclusively TLS 1.3 or later. Put bluntly, post-quantum cryptography
for TLS 1.2 WILL NOT be supported (see {{iana}}) at any time and
anyone wishing to deploy post-quantum
The point of this draft was to go on the record (“it’s an RFC it must be true”)
and say explicitly what the IETF will NOT be doing, and enforcing that by
directing IANA (and the experts). Will this stop someone from re-using
codepoints and backporting to their TLS 1.2 stack? Nope. It even work
'TLS List'
Subject: [TLS] Re: Working Group Last Call for TLS 1.2 is in Feature Freeze
I would suggest "For TLS, it is important to note that PQC efforts are
exclusively for TLS 1.3 or later."
To me, the draft (even v3) is not clear on this point. At some point in fut
I would suggest "For TLS, it is important to note that PQC efforts are
exclusively for TLS 1.3 or later."
To me, the draft (even v3) is not clear on this point. At some point in future,
PQ will become an urgent security issue, and the wording "outside of urgent
security fixes" in the draft see
Looks good. Thanks! From: Salz, Rich Date: Tuesday, 10 December 2024 at 18:41To: Yaron Sheffer , Alicja Kario Cc: TLS List Subject: Re: [TLS] Re: Working Group Last Call for TLS 1.2 is in Feature FreezejQcmQRYFpfptBannerEndFor the second paragraph, I would prefer “no changes and no new extension va
jQcmQRYFpfptBannerEnd
For the second paragraph, I would prefer “no changes and no new extension
values”. I don’t have a better idea for the title, so even if I think it’s not
100% precise, I’m good with keeping it.
How about this?
This document specifies that outside of
urgent security fixes, an
For the second paragraph, I would prefer “no changes and no new extension values”. I don’t have a better idea for the title, so even if I think it’s not 100% precise, I’m good with keeping it. From: Salz, Rich Date: Tuesday, 10 December 2024 at 17:45To: Yaron Sheffer , Alicja Kario Cc: TLS List Sub
On 10.12.24 16:02, Salz, Rich wrote:
The second sentence is intended to be a clarification and emphasis of
the first. I’m not aware of any TLS WG efforts to define PQC and
register them for TLS 1.2 and I believe the WG assumption – perhaps
unstated? – is that these things require and assume TL
Does this diff address your concern? What about the title? As I recall, the
draft originally said “TLS 1.2 is frozen” but there were some who wanted it
changed.
--- a/draft-ietf-tls-tls12-frozen.md
+++ b/draft-ietf-tls-tls12-frozen.md
@@ -70,7 +70,7 @@ Use of TLS 1.3 is growing and fixes some k
I honestly think it is not, given the context – not until you read the IANA section. I would suggest: no changes (including any extensions). On 10/12/2024, 17:18, "Salz, Rich" wrote:English is hard. :). I think "no new features" is clear, given the context of the words around it. I could change it
English is hard. :). I think "no new features" is clear, given the context of
the words around it. I could change it to "no changes" without changing the
intended meaning if people prefer that.
___
TLS mailing list -- tls@ietf.org
To unsubscribe send
Considering the following two statements in I-D, I have two questions:
> For TLS it is important to note that the focus of these efforts is
> TLS 1.3 or later. Put bluntly, post-quantum cryptography for TLS 1.2
> WILL NOT be supported.
To me the two sentences are contradicting. Which one
Hi all,
I think this document is ready for publication.
Cheers,
Thom Wiggers
Op ma 9 dec 2024 om 17:53 schreef Sean Turner :
> Just a reminder that this WG last call is still ongoing.
>
> spt
>
> > On Dec 3, 2024, at 16:26, Sean Turner wrote:
> >
> > This is the working group last call for TL
No, support for a new ciphersuite, especially one that uses new primitives,
is a _new feature._
At least, that's how we operate, and I am not aware of any discussions
about
that being confusing to customers... So I'm pretty sure that "Most people"
is
not correct.
On Tuesday, 10 December 2024
I think the draft is confusing to the point of almost being misleading, in particular with its use of the word “feature”. Based on the words “feature freeze” people on this list have interpreted it as merely “the TLS WG will no longer work on TLS 1.2”. But by blocking IANA registrations, this has m
I think it's ready for publication.
On Tuesday, 3 December 2024 22:26:30 CET, Sean Turner wrote:
This is the working group last call for TLS 1.2 is in Feature
Freeze. Please review draft-ietf-tls-tls12-frozen [1] and reply
to this thread indicating if you think it is ready for
publication or n
Just a reminder that this WG last call is still ongoing.
spt
> On Dec 3, 2024, at 16:26, Sean Turner wrote:
>
> This is the working group last call for TLS 1.2 is in Feature Freeze. Please
> review draft-ietf-tls-tls12-frozen [1] and reply to this thread indicating if
> you think it is ready
same thought. I think they would be better as a single document.
> But I don’t care very much.
>
>
>
> >What does the capitalization of WILL NOT mean?
>
>
>
> Yes, and it is not in RFC 6919 either… ;)
>
>
>
> Cheers,
> John
>
>
>
> *From: *Muha
7;TLS List'
Subject: [TLS] Re: Working Group Last Call for TLS 1.2 is in Feature Freeze
A few quick questions. Sorry if I am missing something obvious or some
background.
On 04.12.24 08:04, Valery Smyslov wrote:
note, that UTA WG has issued a WGLC for draft-ietf-uta-require-tls13-02 (New
[1] https://datatracker.ietf.org/doc/draft-ietf-uta-require-tls13/
Thanks for pointer to this. It looks like a more detailed version of
tls12-frozen draft. Is there a good reason not to merge the two documents? Is
it due to different WGs? or different intended status? or something else?
It wa
A few quick questions. Sorry if I am missing something obvious or some
background.
On 04.12.24 08:04, Valery Smyslov wrote:
note, that UTA WG has issued a WGLC for draft-ietf-uta-require-tls13-02 (New
Protocols Must Require TLS 1.3) [1].
[1]https://datatracker.ietf.org/doc/draft-ietf-uta-re
ich
mailto:40akamai@dmarc.ietf.org>>
Date: Wednesday, 4 December 2024 at 15:21
To: John Mattsson
mailto:john.matts...@ericsson.com>>, Sean Turner
mailto:s...@sn3rd.com>>, TLS List
mailto:tls@ietf.org>>
Subject: Re: [TLS] Re: Working Group Last Call for TLS 1.2 is in Feature
December 2024 at 15:21
> *To: *John Mattsson , Sean Turner <
> s...@sn3rd.com>, TLS List
> *Subject: *Re: [TLS] Re: Working Group Last Call for TLS 1.2 is in
> Feature Freeze
>
> >TLS 1.3 enjoys robust
>
> >security proofs and provides excellent security as-is.
>
That would address your concern.
John
From: Salz, Rich
Date: Wednesday, 4 December 2024 at 15:21
To: John Mattsson , Sean Turner ,
TLS List
Subject: Re: [TLS] Re: Working Group Last Call for TLS 1.2 is in Feature Freeze
>TLS 1.3 enjoys robust
>security proofs and provides excellent se
Looks good to me. Consider removing the Acknowledgements section, as it's
not really used.
Chris P.
On Wed, Dec 4, 2024 at 2:48 AM Bas Westerbaan wrote:
> Nit: second paragraph of section 3 starts with "While the industry is
> waiting for NIST to finish standardization". That's not true anymore
>TLS 1.3 enjoys robust
>security proofs and provides excellent security as-is.
as-is, TLS 1.3 does not provide excellent security for long-term connections.
It removes essential features such as asymmetric rekeying and reauthentication.
Would changing it to “provides excellent security for many us
Nit: second paragraph of section 3 starts with "While the industry is
waiting for NIST to finish standardization". That's not true anymore.
Otherwise it's good to go.
On Tue, Dec 3, 2024 at 10:28 PM Sean Turner wrote:
> This is the working group last call for TLS 1.2 is in Feature Freeze.
> Ple
Hi,
I have reviewed the draft. I think it is ready for publication with some minor
changes. See my comments below.
>TLS 1.2 is in widespread use
This will not age well. I suggest removing widespead.
>TLS 1.3 enjoys robust
>security proofs and provides excellent security as-is.
as-is, TLS 1.3 do
Hi,
note, that UTA WG has issued a WGLC for draft-ietf-uta-require-tls13-02 (New
Protocols Must Require TLS 1.3) [1].
The call will also end on December 17, 2024. You may want to review both drafts
at the same time since they are related.
Regards,
Valery.
[1] https://datatracker.ietf.org/doc/
Hi,
Conceptually, it is ready (I've read it before). I think it needs another
editorial pass. For example, the introduction repeats the abstract. I think
the abstract should be one sentence, something like "The TLS WG will now
work on TLS 1.3 and new versions." That sounds a little stilted, but
so
36 matches
Mail list logo
