On Tue, Apr 08, 2025 at 04:48:12PM +, Salz, Rich wrote:
> Is the second paragraph of Sec 4 not sufficient? It says “If deployment
> considerations are a concern, the protocol MAY specify TLS 1.2 as an
> additional, non-default option.”
That wording alone encourages non-interop: One implement
On Tue, Apr 08, 2025 at 11:23:44AM -0700, Eric Rescorla wrote:
> I don't agree that this change is indicated. TLS 1.3 is far more widespread
> than just in browsers. It's been in major libraries for years and is
> supported in the Windows, MacOS, iOS, and Android stacks. This is not to say
> that
On Wed, Apr 09, 2025 at 07:51:59PM -0700, Eric Rescorla wrote:
> Perhaps not, but that's not what I am saying. Rather, the point I am
> making is that your proposed text limiting this to *browsers* is far too
> narrow and the
> original text that says TLS 1.3 is widely deployed is in fact correct
Valery,
you are talking about constrained IoT devices, i am talking about the broader
set of "embedded" (most not very constrained) devices, such as used in wide
range
of industries, typically with extremely long technology adoption and
certification cycles.
Cheers
Toerless
On Wed, Apr 09
Dear IESG, *:
We received IESG review for draft-ietf-anima-brski-prm that was asking to
make the use of TLS 1.3 mandatory based on the expectation that
draft-ietf-uta-require-tls13
would become RFC - unless we provide sufficient justification in our (prm)
draft.
I would like to point out, that
ase see inline one clarification comment as I think that is important.
>
> Cheers,
> Med
>
> > -Message d'origine-
> > De : Toerless Eckert
> > Envoyé : mardi 8 avril 2025 18:05
> > À : draft-ietf-uta-require-tls13@ietf.org; last-c...@ietf.o
Please do not confuse IoT with "constrained devices/networks". The later has
been
the mayority of focus of IoT work in the IETF for almost two decades now, but it
is not how IoT is used outside the IETF - including how most non-IETF attendants
would read the term "IoT" in RFCs (not knowing the IET
