On Mon, Oct 7, 2019 at 10:29 AM Rob Sayre <say...@gmail.com> wrote:

> On Mon, Oct 7, 2019 at 1:25 AM Eric Rescorla <e...@rtfm.com> wrote:
>
>>
>>>>> It seems strange to put DTLS 1.0 (based on TLS 1.1) into new documents.
>>>>>
>>>>
>>>> A few points.
>>>>
>>>> 1. It doesn't pull it in. There's no reference and there's just an
>>>> informative statement.
>>>>
>>>
>>> Shouldn't there be an informative reference?
>>>
>>
>> To what?
>>
>
> Hi, I missed this response. This discussion seems a bit tedious, but
>
> 1) it doesn't seem like a particularly valid claim to say that the
> document "doesn't pull" in DTLS 1.0 when the rationale for that claim is a
> missing reference.
>
Well I suppose you're entitled to your opinion, but no, I don't think that's true. We have a very specific meaning for normative dependency and in no way would this be one. At most this would be an informative reference. In any case, this is not the proper place for this discussion. If you want this document changed, you'll need to take it to the RTCWEB WG.

> This thread also has some other unusual claims:
>
> On Tue, Oct 1, 2019 at 7:34 PM Stephen Farrell <stephen.farr...@cs.tcd.ie>
> wrote:
> > we can't "UPDATE" an I-D.
>
> Not true. If you need to refer to something that's been IESG-approved but
> still in the RFC queue, you can leave a note for the RFC editor to update
> the reference to the eventual RFC number.
>
> On Wed, Oct 2, 2019 at 8:17 PM Sean Turner <s...@sn3rd.com> wrote:
> > You can change the text, but I do not believe it will change the
> implementations.
>
> If true, changing the text would seem to be uncontroversial.
>
> Anyway, leaving strange text like this DTLS 1.0 stuff in the webrtc
> document is one thing (although I'm surprised the IESG allowed it).
> Claiming that a document like draft-ietf-tls-oldversions-deprecate can't
> update documents from a concluded WG is another.
>
> If the IETF can't get consensus on actually deprecating DTLS 1.0, maybe
> something similar to the text from draft-ietf-rtcweb-security-arch should
> be added to draft-ietf-tls-oldversions-deprecate.
>
> "Earlier specifications required DTLS 1.0. Endpoints which support only
> DTLS 1.2 might encounter interoperability issues."
>
> That would seem to subvert the point of the draft--I think this is the
> point that the original post in this thread was making.
>

When we agreed to discuss this draft, there was an explicit discussion of the fact that this was the IETF's opinion based on security and protocol maturity but that we expected the transition to take longer in some domains than others, so I wouldn't have a problem with that kind of text, as I think it's factually accurate and implicit.

-Ekr

> thanks,
> Rob
>
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls