Thanks Kathleen, these look like good changes. Nits in the proposed BCP195 section: Lose the "p" in mpost and s/off of/on/
On Fri, May 3, 2019, at 01:12, Kathleen Moriarty wrote: > Thank you for your feedback in this review. Responses inline as to how > I propose it is addressed: > > On Sat, Apr 13, 2019 at 12:16 AM Martin Thomson <m...@lowentropy.net> wrote: > > Section 1.1 doesn't say *how* those listed documents are updated. Might pay > > to include a few works on how. > > Thank you, that was helpful feedback. I changed the introduction text > as follows: > OLD: > This document updates these RFCs that normatively reference TLSv1.0 or > TLSv1.1 or DTLS1.0 and have not been obsoleted. > NEW: > This document updates the following RFCs that normatively reference > TLSv1.0 or TLSv1.1 or DTLS1.0. The update is to obsolete usage of these > older versions. Fallback to these versions are prohibited through this > update. > > > Section 2 can be cut down a lot. The quote from another document is longer > > than the rest of the text. In many ways, saying that the IETF is moving > > last is not a great thing to memorialize in RFC, as much as it is useful in > > an Internet-Draft or in argumentation in support of publication of the doc. > > A bunch has been cut out already, but I propose also cutting out the > following text to address your specific point (well taken): > 1st paragraph and last 2. > > REMOVE: > Industry has actively followed guidance provided by NIST and the PCI > Council to deprecate TLSv1.0 and TLSv1.1 by June 30, 2018. TLSv1.2 > should remain a minimum baseline for TLS support at this time. > > The Canadian government treasury board have also mandated that these > old versions of TLS not be used. > > Various companies and web sites have announced plans to deprecate > these old versions of TLS. > > > > The title of Section 3 could be a bit clearer. > Proposed: > SHA-1 Usage Problematic in TLSv1.0 and TLSv1.1 > > If you have a more terse suggestion, please post. I agree this should > be more clear. > > > > It might pay to explain what RFC 7525 is in Section 6. Why does that > > document warrant special attention over the 70-odd other ones. > > Good point, how about the following text: > > PROPOSED: > RFC7525 is BCP195, "Recommendations for Secure Use of Transport Layer > Security (TLS) and Datagram Transport Layer Security (DTLS)", is the > mpost recent best practice document for implementing TLS and was based > off of TLSv1.2. At the time of publication, TLSv1.0 and TLSv1.1 had not > yet been deprecated. As such, this document is called out specifically > to update text implementing the deprecation recommendations of this > document. > > > > > Otherwise, publish this. > > Thank you! > > I'll continue through the rest of the messages, but may have a delay > when tending to other responsibilities. > I am putting the proposals into a new version to upload to the git > repository. > > Best regards, > Kathleen > > > > > > > > > On Sat, Apr 13, 2019, at 09:28, Christopher Wood wrote: > > > This is the working group last call for the "Deprecating TLSv1.0 and > > > TLSv1.1” draft available at: > > > > > > https://datatracker.ietf.org/doc/draft-ietf-tls-oldversions-deprecate/ > > > > > > Please review the document and send your comments to the list by April > > 26, 2019. > > > > > > Thanks, > > > Chris, Joe, and Sean > > > > > > _______________________________________________ > > > TLS mailing list > > > TLS@ietf.org > > > https://www.ietf.org/mailman/listinfo/tls > > > > > > > _______________________________________________ > > TLS mailing list > > TLS@ietf.org > > https://www.ietf.org/mailman/listinfo/tls > > > -- > > Best regards, > Kathleen _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
