I understand that DTLS 1.3 doesn’t have many implementations yet, and that it is therefore premature to say that DTLS 1.2 gets no new features. (My guess is that most would-be DTLS 1.3 implementors are off working on QUIC; that’s certainly the case of OpenSSL.)
I think David’s concern about doing quantum-safe crypto in 1.2 makes a lot of sense. But we can wait until it happens before doing anything. Since RFC 8996 says: “This document also deprecates Datagram TLS (DTLS) version 1.0 (RFC 4347) but not DTLS version 1.2, and there is no DTLS version 1.1.” I think the draft should explicitly say “This document says nothing about DTLS.” At least that’s what the next version will say and the WG can hack away if they want.
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls