Talking about providing "excellent security" also will get out-of-date and/or subjective once someone decides post-quantum, or any other 1.3-only improvement, is the bar for "excellent". I would suggest just not having the draft opine on such things when it doesn't need to.
We could just delete the first paragraph altogether and start the document: > TLS 1.3 [TLS13] is in widespread use and fixes many known deficiencies with TLS 1.2 [TLS12], such as encrypting more of the traffic so that it is not readable by outsiders and removing most cryptographic primitives now considered weak. Importantly, TLS 1.3 enjoys robust security proofs and provides excellent security as-is. On Wed, Dec 4, 2024 at 12:42 PM John Mattsson <john.mattsson= 40ericsson....@dmarc.ietf.org> wrote: > That would address your concern. > > > > John > > > > *From: *Salz, Rich <rsalz=40akamai....@dmarc.ietf.org> > *Date: *Wednesday, 4 December 2024 at 15:21 > *To: *John Mattsson <john.matts...@ericsson.com>, Sean Turner < > s...@sn3rd.com>, TLS List <tls@ietf.org> > *Subject: *Re: [TLS] Re: Working Group Last Call for TLS 1.2 is in > Feature Freeze > > >TLS 1.3 enjoys robust > > >security proofs and provides excellent security as-is. > > as-is, TLS 1.3 does not provide excellent security for long-term > connections. > > It removes essential features such as asymmetric rekeying and > reauthentication. > > > > Would changing it to “provides excellent security for many use-cases > as-is” address your concern? Or “can provide excellent security”? Or does > that open up the case where people say “where does not it apply?” Would it > be better to just remove the “and provides” phrase altogether? > > > _______________________________________________ > TLS mailing list -- tls@ietf.org > To unsubscribe send an email to tls-le...@ietf.org >
_______________________________________________ TLS mailing list -- tls@ietf.org To unsubscribe send an email to tls-le...@ietf.org
