On Fri, Oct 04, 2019 at 09:57:53PM +0700, Rob Sayre wrote:
> On Fri, Oct 4, 2019 at 9:48 PM Eric Rescorla <e...@rtfm.com> wrote:
>
> > On Fri, Oct 4, 2019 at 7:43 AM Rob Sayre <say...@gmail.com> wrote:
> >
> >> On Fri, Oct 4, 2019 at 9:08 PM Cullen Jennings <flu...@iii.ca> wrote:
> >>
> >>> I do not think you have consensus for that change to WebRTC - it was
> >>> discussed extensively. ...
> >>
> >> While that may be true, readers of this list might want to read a
> >> rationale, rather than just the results of a negotiation. Is there a
> >> rationale somewhere?
> >>
> >> It seems strange to put DTLS 1.0 (based on TLS 1.1) into new documents.
> >
> > A few points.
> >
> > 1. It doesn't pull it in. There's no reference and there's just an
> > informative statement.
>
> Shouldn't there be an informative reference?

I think that's largely a question for the sponsoring AD (CC'd) and the RFC Editor.

> > 2. There is a rationale. In fact, the relevant text pretty much is all
> > rationale.
> >
> >    All Implementations MUST support DTLS 1.2 with the
> >    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 cipher suite and the P-256
> >    curve [FIPS186
> >    <https://tools.ietf.org/html/draft-ietf-rtcweb-security-arch-20#ref-FIPS186>].
> >    Earlier drafts of this specification required DTLS
> >    1.0 with the cipher suite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, and
> >    at the time of this writing some implementations do not support DTLS
> >    1.2; endpoints which support only DTLS 1.2 might encounter
> >    interoperability issues.
>
> Yes, I read this section and I was wondering what the rationale was for the
> text: "endpoints which support only DTLS 1.2 might encounter
> interoperability issues." Is there some data behind this? I'm not
> suggesting a change in the draft without more information, but I do wonder
> how the WG came to agree on this text.

My assumption (I was not following the work) is that it was a well-known
fact among implementors at the time that some large implementations only
implemented DTLS 1.0. Accordingly, "might encounter interoperability issues"
is a bland uncontroversial fact, in that context.

It's not clear to me that we are adding much value revisiting the rtcweb
WG's decisions over here on the TLS WG without getting input from rtcweb
about why they put it that way in the first place...

-Ben

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
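The rtcweb text quoted in the thread is a requirement on what a DTLS endpoint offers (client_version, cipher suite, curve), and the interoperability caveat is about version negotiation. As an added example that is not part of this thread or of the rtcweb draft, the Python below builds a constructed DTLS ClientHello, parses the offered client_version, cipher suites and supported_groups back out, checks them against the MTI values quoted above (DTLS 1.2 = 0xFEFD, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0xC02B, P-256 = group 23), and models the server-side version choice to show why a DTLS-1.2-only endpoint gets no session with a DTLS-1.0-only peer while a dual-version endpoint does. The packet builder, the all-zero random and the `negotiate_version` model are assumptions made for a self-contained demo; none of it is captured traffic or any implementation's code.

```python
import struct

# Values from RFC 6347 (DTLS version encoding: 255 - minor, so newer is
# numerically smaller) and the IANA TLS registries. These are the constants
# the quoted rtcweb requirement refers to.
DTLS_1_0 = 0xFEFF
DTLS_1_2 = 0xFEFD
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0xC02B   # MTI in the current draft
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = 0xC009       # MTI in earlier drafts
SECP256R1 = 0x0017                                 # P-256 in supported_groups
EXT_SUPPORTED_GROUPS = 10


def build_client_hello(version, cipher_suites, groups):
    """Build one unfragmented DTLS ClientHello record (RFC 6347 s.4.2.2).
    Constructed sample data (assumption): random, session_id, cookie and
    sequence numbers are all zero; only the supported_groups extension is sent."""
    body = struct.pack("!H", version)                # client_version
    body += b"\x00" * 32                             # random
    body += b"\x00"                                  # session_id length 0
    body += b"\x00"                                  # cookie length 0 (first flight)
    body += struct.pack("!H", 2 * len(cipher_suites))
    body += b"".join(struct.pack("!H", cs) for cs in cipher_suites)
    body += b"\x01\x00"                              # compression_methods: null only
    grp = struct.pack("!H", 2 * len(groups)) + b"".join(struct.pack("!H", g) for g in groups)
    ext = struct.pack("!HH", EXT_SUPPORTED_GROUPS, len(grp)) + grp
    body += struct.pack("!H", len(ext)) + ext
    # Handshake header: msg_type=1, length(3), message_seq(2), frag_offset(3), frag_length(3)
    hs = (b"\x01" + len(body).to_bytes(3, "big") + b"\x00\x00"
          + (0).to_bytes(3, "big") + len(body).to_bytes(3, "big") + body)
    # Record header: type=22 (handshake), version, epoch(2), 48-bit sequence, length
    rec = b"\x16" + struct.pack("!H", version) + b"\x00\x00" + b"\x00" * 6 + struct.pack("!H", len(hs))
    return rec + hs


def parse_client_hello(pkt):
    """Return (client_version, [cipher_suites], [supported_groups]) from a DTLS
    handshake record carrying a whole ClientHello. The body's client_version is
    what the peer's version selection is based on; the record-layer version of
    the first flight is deliberately not used."""
    if pkt[0] != 0x16:
        raise ValueError("not a handshake record")
    rec_len = struct.unpack("!H", pkt[11:13])[0]
    hs = pkt[13:13 + rec_len]
    if hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    if int.from_bytes(hs[1:4], "big") != int.from_bytes(hs[9:12], "big"):
        raise ValueError("fragmented ClientHello not handled by this demo")
    body = hs[12:12 + int.from_bytes(hs[9:12], "big")]
    pos = 0
    version = struct.unpack("!H", body[pos:pos + 2])[0]; pos += 2
    pos += 32                                        # random
    pos += 1 + body[pos]                             # session_id
    pos += 1 + body[pos]                             # cookie
    n = struct.unpack("!H", body[pos:pos + 2])[0]; pos += 2
    suites = [struct.unpack("!H", body[i:i + 2])[0] for i in range(pos, pos + n, 2)]
    pos += n
    pos += 1 + body[pos]                             # compression_methods
    groups = []
    if pos < len(body):                              # extensions are optional
        end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]; pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", body[pos:pos + 4]); pos += 4
            data = body[pos:pos + elen]; pos += elen
            if etype == EXT_SUPPORTED_GROUPS:
                gl = struct.unpack("!H", data[:2])[0]
                groups = [struct.unpack("!H", data[i:i + 2])[0] for i in range(2, 2 + gl, 2)]
    return version, suites, groups


def check_rtcweb_mti(pkt):
    """Compare a ClientHello's offer against the quoted rtcweb MTI requirement."""
    version, suites, groups = parse_client_hello(pkt)
    return {
        "offers_dtls_1_2": version == DTLS_1_2,
        "dtls_1_0_only": version == DTLS_1_0,        # highest version offered is 1.0
        "offers_mti_suite": TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 in suites,
        "offers_legacy_suite": TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA in suites,
        "offers_p256": SECP256R1 in groups,
    }


def negotiate_version(client_versions, server_versions):
    """Model of version selection (assumption, not any stack's code): the
    server picks its newest version that is not newer than client_version; the
    client then rejects anything it does not itself support. None = no session."""
    client_max = min(client_versions)                # newest offered (numerically smallest)
    acceptable = [v for v in server_versions if v >= client_max]
    chosen = min(acceptable) if acceptable else None
    return chosen if chosen in client_versions else None


if __name__ == "__main__":
    hello = build_client_hello(DTLS_1_2, [TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256], [SECP256R1])
    print(check_rtcweb_mti(hello))
    print("1.2-only client vs 1.0-only server:", negotiate_version({DTLS_1_2}, {DTLS_1_0}))
    print("1.0+1.2 client vs 1.0-only server:", hex(negotiate_version({DTLS_1_0, DTLS_1_2}, {DTLS_1_0})))
```

The third print is the draft's caveat in one line: an endpoint that offers only DTLS 1.2 gets `None` against a DTLS-1.0-only peer, while an endpoint that also keeps DTLS 1.0 falls back to 0xFEFF and connects. Running `check_rtcweb_mti` over a real ClientHello (for instance one carved out of a pcap) tells you which side of that line a peer is on.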