> My main point is say it once, not repeat it in each section.

I think that language was added for fear that readers will only glimpse the document, and somehow conclude that RSA/FFDH is fine with TLS 1.1. (The document is mostly aimed at late adopters of best practices anyway...) So my preference is to keep repeating that, if that's OK.

> Y-> N

I'm confused, probably because I'm not familiar enough with RFC8447bis and friends :-)

N "Indicates that the item has not been evaluated by the IETF and that the IETF has made no statement about the suitability of the associated mechanism."

So why would we have cipher suites with FFDHE as N? I thought we'd mark them all as Discouraged. I guess this impacts whether the appendices are normative, so let's first try to help me get unconfused :-)

> we should probably change the name of the Appendices from “XXX Cipher Suites Deprecated by This Document” to “Deprecated XXX Cipher Suites” to not mislead readers that this document did all the deprecation.

Yep, SGTM. I'll make that change.

On Wed, 12 Jul 2023 at 21:31, Salz, Rich <rsalz=40akamai....@dmarc.ietf.org> wrote:

> > This appears in s2:
> > Note that TLS 1.0 and 1.1 are deprecated by [RFC8996]
> > and TLS 1.3 does not support FFDH [RFC8446].
> > You’re suggesting that this be moved to s1?
>
> My main point is say it once, not repeat it in each section.
>
> > If that’s the case then maybe make Appendix B normative (and resort the
> > Appendices), list the Y->N changes above in s5, and leave the rest
> > informative (since they’re already or will be N)?
>
> That's a good idea.
>
> > And, we should probably change the name of the Appendices from “XXX
> > Cipher Suites Deprecated by This Document” to “Deprecated XXX Cipher
> > Suites” to not mislead readers that this document did all the deprecation.
> > But, I do like the idea of adding a reference to this document for all the
> > registry entries listed in Appendices - kind of like a tombstone.
>
> And two more good ideas. In one email: an IETF record perhaps.
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls