On 22/11/2024, 13:37, Yaron Sheffer yaronf.i...@gmail.com wrote:

> My point was much broader though: the IETF is sending deployers a bunch
> of mixed messages, and this is on us as a community.
>
> RFC 9325 basically tells them: we prefer that you switch to TLS 1.3, but if
> you absolutely cannot do that, here's how you can configure the existing
> TLS 1.2 and be secure (as of the time of publication).
>
> TLS-LTS sends a whole different message of course.
>
> And then the working group keeps nibbling at TLS 1.2 with documents like
> draft-ietf-tls-deprecate-obsolete-kex and the earlier "deprecating"
> documents. The KEX document does mention RFC 9325 at one point but
> does not say explicitly which of its requirements are new, making it hard
> for implementers to navigate our recommendations.
If the consensus view of the working group is that the existing communications have resulted in mixed messages and some confusion, the adoption of TLS LTS could provide a useful vehicle to address that whilst also dealing with the various technical points that Peter has already identified in his draft.

By expanding the introduction plus sections 3.7 and 4 (or by adding a new section), it should be possible to communicate clearly to implementers and others the relative positions of TLS 1.2, TLS-LTS and TLS 1.3 with reference to RFC 9325 and any other relevant documents etc.

Andrew