On Wed, Oct 9, 2019 at 5:20 AM Eric Rescorla <e...@rtfm.com> wrote:

>
>
> On Mon, Oct 7, 2019 at 10:29 AM Rob Sayre <say...@gmail.com> wrote:
>
>> On Mon, Oct 7, 2019 at 1:25 AM Eric Rescorla <e...@rtfm.com> wrote:
>>
>>>
>>>>>> It seems strange to put DTLS 1.0 (based on TLS 1.1) into new
>>>>>> documents.
>>>>>>
>>>>>
>>>>> A few points.
>>>>>
>>>>> 1. It doesn't pull it in. There's no reference and there's just an
>>>>> informative statement.
>>>>>
>>>>
>>>> Shouldn't there be an informative reference?
>>>>
>>>
>>> To what?
>>>
>>
>> Hi, I missed this response. This discussion seems a bit tedious, but
>>
>> 1) it doesn't seem like a particularly valid claim to say that the
>> document "doesn't pull" in DTLS 1.0 when the rationale for that claim is a
>> missing reference.
>>
>
> Well I suppose you're entitled to your opinion, but no, I don't think
> that's true. We have a very specific meaning for normative dependency and
> in no way would this be one. At most this would be an informative reference.
>
> In any case, this is not the proper place for this discussion. If you want
> this document changed, you'll need to take it to the RTCWEB WG.
>
>
>> This thread also has some other unusual claims:
>>
>> On Tue, Oct 1, 2019 at 7:34 PM Stephen Farrell <stephen.farr...@cs.tcd.ie>
>> wrote:
>> > we can't "UPDATE" an I-D.
>>
>> Not true. If you need to refer to something that's been IESG-approved but
>> still in the RFC queue, you can leave a note for the RFC editor to update
>> the reference to the eventual RFC number.
>>
>> On Wed, Oct 2, 2019 at 8:17 PM Sean Turner <s...@sn3rd.com> wrote:
>> > You can change the text, but I do not believe it will change the
>> > implementations.
>>
>> If true, changing the text would seem to be uncontroversial.
>>
>> Anyway, leaving strange text like this DTLS 1.0 stuff in the webrtc
>> document is one thing (although I'm surprised the IESG allowed it).
>> Claiming that a document like draft-ietf-tls-oldversions-deprecate can't
>> update documents from a concluded WG is another.
>>
>> If the IETF can't get consensus on actually deprecating DTLS 1.0, maybe
>> something similar to the text from draft-ietf-rtcweb-security-arch should
>> be added to draft-ietf-tls-oldversions-deprecate.
>>
>> "Earlier specifications required DTLS 1.0. Endpoints which support only
>> DTLS 1.2 might encounter interoperability issues."
>>
>> That would seem to subvert the point of the draft--I think this is the
>> point that the original post in this thread was making.
>>
>
> When we agreed to discuss
>

adopt.


> this draft, there was an explicit discussion of the fact that this was the
> IETF's opinion based on security and protocol maturity but that we expected
> the transition to take longer in some domains than others, so I wouldn't
> have a problem with that kind of text, as I think it's factually accurate
> and implicit.
>
> -Ekr
>
>
>> thanks,
>> Rob
>>
>
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
