Considering the following two statements in I-D, I have two questions:

>   For TLS it is important to note that the focus of these efforts is
>   TLS 1.3 or later.  Put bluntly, post-quantum cryptography for TLS 1.2
>   WILL NOT be supported.

To me the two sentences are contradicting. Which one of the following is 
intended?

The second sentence is intended to be a clarification and emphasis of the 
first. I’m not aware of any TLS WG efforts to define PQC and register them for 
TLS 1.2 and I believe the WG assumption – perhaps unstated? – is that these 
things require and assume TLS 1.3.  It’s not just crypto suites, but also 
things like David Benjamin’s proposed keyshare draft, and other stuff. If you 
have a wording suggestion, I’d love to hear it.

1. (My understanding from 2nd sentence) We will exclusively work on PQC 
for TLS 1.3 or later.

What does the capitalization of WILL NOT mean? I did not find any such 
capitalization in RFC 2119 and RFC 8174. Please add the relevant RFC in section 
2 or define it.

2119/8174 doesn’t limit all other uses of uppercase letters :). It’s just for 
emphasis.

>   This
>   document specifies that outside of urgent security fixes, no new
>   features will be approved for TLS 1.2.

If the intention of draft was #2 above, cross-reading with this sentence, are 
we implying that PQC is not an urgent security issue?

Given our finite resources, regardless of the urgency of the issue, the IETF 
TLS WG is not spending effort to “fix” TLS 1.2. And this document is intended to 
inform the community of that.  So if you want to be PQ, step one is make sure 
you are using TLS 1.3.

_______________________________________________
TLS mailing list -- tls@ietf.org