Hi, all,
We are updating the IoT profile draft and wanted to gather some input on
the following three topics:
1. Reliance on SW updates for certificate status information instead of
CRLs and OCSP
7925 Section 4.4.3 says:
For certificate revocation, neither the Online Certificate Status
Hi all,
We have reviewed all the published RFCs that depend on 7252 [1] and have
reached the conclusion that the updates made in 7252-bis don’t break any
requirement stated in those documents.
Please have a look yourselves, and feel free to forward this to anyone you
think may be a stakeholder
Obviously, s/CoAP/TLS BCP/ 😊
Apologies for the lapsus.
On 16/11/2021, 18:23, "Uta" wrote:
Hi all,
We have reviewed all the published RFCs that depend on 7252 [1] and have
reached the conclusion that the updates made in 7252-bis don’t break any
requirement stated in those documents.
Please ha
Hi Ilari, thanks for the great feedback.
On the exponents reuse point you raised:
From: Uta on behalf of Ilari Liusvaara
> - Section 6.4:
>
> Reusing ECDH exponents is insecure unless one either:
>
> 1) Checks for point validity, or
> 2) Uses Montgomery ladder with twist-secure curve.
>
> Curr
Hi Nimrod,
Thanks for your comments and apologies for the slow response time.
From: Uta on behalf of Nimrod Aviram
> Coauthor of draft-bartle-tls-deprecate-ffdhe here (the document is
> undergoing reorganization, and the work-in-progress state can be found
> here).
>
> draft-ietf-uta reference
Hi Nimrod,
> Nimrod Aviram wrote:
>
> I understand you're going with non-ephemeral finite-field
> Diffie-Hellman as a SHOULD NOT?
> Could you please elaborate on your reasons for this decision?
I would expect that raising the normative bar to MUST NOT should come
in a document with TLS WG consen
From: UTA on behalf of Thomas Fossati
> On the exponents reuse point you raised:
>
> From: Uta on behalf of Ilari Liusvaara
>
> > - Section 6.4:
> >
> > Reusing ECDH exponents is insecure unless one either:
> >
> > 1) Checks for point validity, o
"Subordinate CA" should be used. That this
>is consistent with history going back to RFC4949.
Noted [2]
[2] https://github.com/thomas-fossati/draft-tls13-iot/issues/20
> 3) While section 10 on SNI does not say *how* to use DoH or DPRIVE to
>provide for confidentiali
> On 03/04/2022, 21:01, "Michael Richardson" wrote:
> Thomas Fossati wrote:
> >> Reading through the lines, it appears that a server that can't
> >> handle early data needs to send an error code. But such a
> >> server probably doesn
In favour of adoption. Also, happy to review.
From: Uta on behalf of Valery Smyslov
Date: Friday, 22 April 2022 at 14:00
To: uta@ietf.org
Cc: uta-cha...@ietf.org ,
draft-ciphersuites-in-sec-sys...@ietf.org
Subject: [Uta] Call for adoption of draft-ciphersuites-in-sec-syslog
Hi,
recent dis
Francesca and Paul: thank you very much for the thorough reviews.
Your comments are on GitHub, see https://github.com/yaronf/I-D/labels/BCP195,
and we’ll try to address them as soon as possible.
Cheers and thanks again!
From: Francesca Palombini
Date: Monday, 16 May 2022 at 14:15
To: uta@ietf.
Ben: thanks a lot for the thorough review.
We are tracking your comments here:
https://github.com/yaronf/I-D/issues?q=is%3Aopen+is%3Aissue+label%3A%22secdir+review%22
and will work to resolve them ASAP.
Cheers!
From: Benjamin Kaduk via Datatracker
Date: Thursday, 2 June 2022 at 04:16
To: sec.
ctories.
This draft is a work item of the Using TLS in Applications WG of the IETF.
Title : Recommendations for Secure Use of Transport Layer
Security (TLS) and Datagram Transport Layer Security (DTLS)
Authors : Yaron Sheffer
Peter Saint-A
Hi Cullen, thanks very much for the review.
Just a quick comment on the PS vs BCP point:
On Friday, 8 July 2022 at 15:18, Cullen Jennings via Datatracker
wrote:
> [snip]
> I don't think BCP is the appropriate status for this. I think it
> should be PS. It explicitly says that is not trying to
Hi Cullen,
On Sunday, 10 July 2022 at 11:41, Cullen Jennings wrote:
> > On Jul 8, 2022, at 9:37 AM, Thomas Fossati wrote:
> >
> > I keep an eye on data from a cute crawler [0] that regularly scans
> > the top 1 million web sites, and twice per year makes a summary of
On Thursday, 14 July 2022 at 06:43, Rob Sayre wrote:
> Sure, mandate TLS 1.2 support. That seems like a really good idea.
This statement is slightly inaccurate: the document mandates support of
a significantly restricted profile of (D)TLS 1.2 -- likely the same
thing that Martin Thomson alluded t
Hi Rob,
On Monday, 18 July 2022 at 15:35, Rob Wilton (rwilton)
wrote:
> > I think that you are right to be cautious here. What you want to
> > have happen is interoperability. If you say 1.2 or later, then
> > there is a risk of some implementations doing 1.2 only and some
> > doing 1.3 only,
Hi Rob, Peter,
On Thursday, 14 July 2022 at 16:07, Peter Saint-Andre
wrote:
> On 7/14/22 3:37 AM, Robert Wilton via Datatracker wrote:
> > (4)
> > When using RSA, servers MUST authenticate using certificates
> > with at least a 2048-bit modulus for the public key. In
> > addition, t
On Tuesday, 19 July 2022 at 08:42 Thomas Fossati wrote:
> Hi Rob, Peter,
>
> On Thursday, 14 July 2022 at 16:07, Peter Saint-Andre
> wrote:
> > On 7/14/22 3:37 AM, Robert Wilton via Datatracker wrote:
> > > (4)
> > > When using RSA, servers
Hi Chris,
On 11/09/2022, 23:26, "Uta" wrote:
> Hi,
>
> We've submitted an update to this ID for review by the Working Group.
>
> Thanks to our reviewers and their suggestions. We've incorporated most
> of their recommended changes.
>
> We would like to ask the WG for consensus regarding the use o
Hi all,
On 28/10/2022, 13:20, "Uta" wrote:
> this is just a friendly reminder, that the WGLC is in progress and
> will end soon.
> So far we received only one message from one of the authors.
> Please, find a moment to review the draft and drop a message to the
> list about its readiness for furt
Hi Paul, all,
I agree with Yaron: this looks like a (D)TLS profiling aspect that
should be defined by the HL7 protocol.
Cheers, t
On 08/11/2022, 10:36, "Uta" wrote:
>
> Hi Paul,
>
> I'm actually not sure this is a good idea, and not because we are at
> the RFC Editor.
>
> TLS has intentionally
hi Renzo, all,
On Tue, 3 Dec 2024 at 12:03, Renzo Navas wrote:
> 1. [IPR] Can you please individually confirm that you have
> declared/complied with the IPR disclosure obligations described in BCP
> 79 ( https://datatracker.ietf.org/doc/bcp79/ )?
I am not aware of any IPR relating to this docume
itle: TLS/DTLS 1.3 Profiles for the Internet of Things
>Authors: Hannes Tschofenig
> Thomas Fossati
> Michael Richardson
>Name:draft-ietf-uta-tls13-iot-profile-14.txt
>Pages: 29
>Dates: 2025-05-05
>
> Abstract:
>
>RFC 7925 o
Thanks for your review, Marco, much appreciated.
All your comments have been addressed in -14.
cheers, t
On Tue, 15 Apr 2025 at 04:24, Marco Tiloca
wrote:
>
> Hi all,
>
> I have re-read the document, and I think it's basically ready.
>
> Please find below just a few nits that I could notice.
>