This guidance document already exists: https://datatracker.ietf.org/doc/html/rfc9325

Thanks,
    Yaron

On 26/11/2024, 22:58, "David A. Cooper" <david.cooper=40nist....@dmarc.ietf.org> wrote:

For me, the question is TLS-LTS or TLS 1.3. If TLS-LTS is a bug fix, then what bugs does it fix that cannot be fixed without defining a new extension? If it were replaced with a guidance document that said clients and servers MUST only support cipher suites X, Y, and Z, MUST support encrypt-then-MAC and extended master secret, MUST only offer/support P-256 for ECDH and RFC 7919 groups for FFDH, etc., what bugs would still remain that TLS-LTS fixes?

On 11/26/24 6:37 AM, Salz, Rich wrote:
>> The draft isn't a minor change: it makes handshake and record
>> layer changes so everyone would need to install new software and
>> suffer similar compat issues as with a 1.3 update.
> Compare a diff for this versus a 1.3 implementation. The latter is huge. Also, the former can be considered as a bugfix that closes security holes. TLS 1.3 also fixes things, but it's not really just a bugfix.
>
> _______________________________________________
> TLS mailing list -- tls@ietf.org
> To unsubscribe send an email to tls-le...@ietf.org
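The profile David Cooper sketches (a fixed cipher-suite list, encrypt-then-MAC and extended master secret offered, only P-256 and RFC 7919 groups) can be checked mechanically on the wire. The following is an added illustration, not code from the thread, the TLS working group or any TLS-LTS implementation: it parses a TLS 1.2 ClientHello handshake message and reports every deviation from such a policy, which is how an operator would audit whether deployed clients actually follow guidance of this kind. Since the mail leaves the suites "X, Y, and Z" unspecified, the allowed set below is an assumption (the four ECDHE AES-GCM suites recommended in RFC 9325); the `build_client_hello` helper and the sample hellos it produces are constructed test data, and `POLICY`, `parse_client_hello` and `audit_client_hello` are names chosen here.

```python
"""Audit a TLS 1.2 ClientHello against a hardening policy: fixed cipher
suites, encrypt_then_mac + extended_master_secret offered, and only
P-256 / RFC 7919 named groups. Added example; not part of the thread."""
import struct

# IANA code points: supported_groups (RFC 8422), encrypt_then_mac (RFC 7366),
# extended_master_secret (RFC 7627), secp256r1 and ffdhe2048..ffdhe8192 (RFC 7919).
EXT_SUPPORTED_GROUPS = 10
EXT_ENCRYPT_THEN_MAC = 22
EXT_EXTENDED_MASTER_SECRET = 23
SECP256R1 = 0x0017
FFDHE_GROUPS = {0x0100, 0x0101, 0x0102, 0x0103, 0x0104}
X25519 = 0x001D  # only used below to construct a non-compliant sample

# Assumption: the mail's "X, Y, and Z" are taken to be the four ECDHE
# AES-GCM suites recommended by RFC 9325 (hypothetical policy, not the mail's).
POLICY = {
    "cipher_suites": {0xC02B, 0xC02F, 0xC02C, 0xC030},
    "groups": {SECP256R1} | FFDHE_GROUPS,
    "required_extensions": {EXT_ENCRYPT_THEN_MAC, EXT_EXTENDED_MASTER_SECRET},
}


def parse_client_hello(msg: bytes) -> dict:
    """Parse a ClientHello handshake message (RFC 5246 section 7.4.1.2)
    into its cipher suites, offered named groups and extension types."""
    if len(msg) < 4 or msg[0] != 1:           # HandshakeType.client_hello == 1
        raise ValueError("not a ClientHello handshake message")
    body_len = int.from_bytes(msg[1:4], "big")
    body = msg[4:4 + body_len]
    if len(body) != body_len:
        raise ValueError("truncated ClientHello")
    pos = 2 + 32                               # legacy_version + random
    sid_len = body[pos]
    pos += 1 + sid_len                         # session_id
    cs_len = struct.unpack(">H", body[pos:pos + 2])[0]
    pos += 2
    suites = [struct.unpack(">H", body[i:i + 2])[0]
              for i in range(pos, pos + cs_len, 2)]
    pos += cs_len
    comp_len = body[pos]
    pos += 1 + comp_len                        # compression_methods
    ext_types, groups = set(), []
    if pos < len(body):                        # extensions block is optional
        ext_len = struct.unpack(">H", body[pos:pos + 2])[0]
        pos += 2
        end = pos + ext_len
        while pos < end:
            etype, elen = struct.unpack(">HH", body[pos:pos + 4])
            pos += 4
            data = body[pos:pos + elen]
            pos += elen
            ext_types.add(etype)
            if etype == EXT_SUPPORTED_GROUPS:  # NamedGroupList: u16 length + u16 ids
                glen = struct.unpack(">H", data[:2])[0]
                groups = [struct.unpack(">H", data[i:i + 2])[0]
                          for i in range(2, 2 + glen, 2)]
    return {"cipher_suites": suites, "groups": groups, "extensions": ext_types}


def audit_client_hello(msg: bytes, policy: dict = POLICY) -> list:
    """Return a list of policy violations; an empty list means compliant."""
    hello = parse_client_hello(msg)
    findings = []
    for cs in hello["cipher_suites"]:
        if cs not in policy["cipher_suites"]:
            findings.append(f"cipher suite 0x{cs:04X} not in allowed list")
    for g in hello["groups"]:
        if g not in policy["groups"]:
            findings.append(f"named group 0x{g:04X} not P-256 or RFC 7919")
    for ext in policy["required_extensions"] - hello["extensions"]:
        findings.append(f"required extension {ext} not offered")
    return findings


def build_client_hello(suites, groups, extensions) -> bytes:
    """Construct a minimal TLS 1.2 ClientHello (constructed sample data)."""
    grp = struct.pack(">H", 2 * len(groups))
    grp += b"".join(struct.pack(">H", g) for g in groups)
    ext_blob = struct.pack(">HH", EXT_SUPPORTED_GROUPS, len(grp)) + grp
    for e in extensions:
        ext_blob += struct.pack(">HH", e, 0)   # etm / ems carry empty data
    body = (b"\x03\x03" + bytes(32) + b"\x00"  # version, random, empty session_id
            + struct.pack(">H", 2 * len(suites))
            + b"".join(struct.pack(">H", s) for s in suites)
            + b"\x01\x00"                      # one compression method: null
            + struct.pack(">H", len(ext_blob)) + ext_blob)
    return b"\x01" + len(body).to_bytes(3, "big") + body


if __name__ == "__main__":
    good = build_client_hello([0xC02B, 0xC02F], [SECP256R1, 0x0100],
                              [EXT_ENCRYPT_THEN_MAC, EXT_EXTENDED_MASTER_SECRET])
    bad = build_client_hello([0xC02B, 0x002F], [SECP256R1, X25519],
                             [EXT_EXTENDED_MASTER_SECRET])
    print("compliant hello:", audit_client_hello(good))
    print("non-compliant hello:", audit_client_hello(bad))
```

Fed a capture instead of the constructed samples, the same `audit_client_hello` call works on the ClientHello handshake message (record-layer header stripped), so the check can run over pcaps from a fleet to see which clients would break under such a profile before it is enforced on servers.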