FWIW, while I don't think we should be doing much enhancement of (D)TLS 1.2, I also don't think it makes sense not to allow enhancements to 1.3 to be used with 1.2 where that makes sense, as it seems to here.
-Ekr

On Thu, Nov 4, 2021 at 11:05 AM Achim Kraus <achimkr...@gmx.net> wrote:

> Hi Sean,
>
> I hope, the answer of Hannes counts as "significant justification".
>
> Most of the discussion and arguments are about TLS 1.2 and 1.3.
>
> Just to be clear:
> RRC will only apply to DTLS, 1.2 and 1.3. There is no usage for TLS.
> And for RRC, Hannes and Thomas want to use the "Flags Extension".
>
> I'm not sure, how fast DTLS 1.2 deployments will be moved to DTLS 1.3.
> But I'm pretty sure, that DTLS 1.2 with Connection ID will make many
> NB-IoT solutions possible, and RRC will help to defend that against
> attacks.
>
> best regards
> Achim Kraus
> Eclipse/Californium
> (Currently DTLS 1.2 only ;-) )
>
> On 04.11.21 at 14:27, Sean Turner wrote:
> > Hannes,
> >
> > Sorry I forgot to answer this, but John pretty much answered it for me. The prevailing notion that the WG has been under is that extensions defined are for TLS 1.3. We put the following in the charter to make that clear:
> >
> >     Changes or additions to older versions of (D)TLS whether
> >     via extensions or ciphersuites are discouraged and require
> >     significant justification to be taken on as work items.
> >
> > So ... do you have a significant justification?
> >
> > Cheers,
> > spt
> >
> >> On Nov 4, 2021, at 09:11, John Mattsson <john.mattsson=40ericsson....@dmarc.ietf.org> wrote:
> >>
> >> TLS 1.2 has been obsolete for over three years. Oxford dictionary defines obsolete as "no longer produced or used; out of date." NIST requires support of TLS 1.3 everywhere no later than Jan 2024, which at least in theory means no negotiation of TLS 1.2.
> >>
> >> I think IETF, TLS WG, and TLS libraries should spend their time on TLS 1.3 rather than giving the false idea it is ok to stay on TLS 1.2.
> >>
> >> John
> >>
> >> From: TLS <tls-boun...@ietf.org> on behalf of Hannes Tschofenig <hannes.tschofe...@arm.com>
> >> Date: Monday, 25 October 2021 at 19:12
> >> To: IETF TLS <tls@ietf.org>
> >> Subject: [TLS] Flags Extension: why only for TLS 1.3?
> >>
> >> Hi all,
> >>
> >> why is the flags extension only defined for TLS 1.3?
> >>
> >> There is nothing in this extension that prevents us from using it also in TLS 1.2.
> >>
> >> Could we make it also available to TLS 1.2?
> >>
> >> Ciao
> >> Hannes
> >>
> >> IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
> >> _______________________________________________
> >> TLS mailing list
> >> TLS@ietf.org
> >> https://www.ietf.org/mailman/listinfo/tls