On 10.12.24 16:02, Salz, Rich wrote:
The second sentence is intended to be a clarification and emphasis of the first. I’m not aware of any TLS WG efforts to define PQC and register them for TLS 1.2 and I believe the WG assumption – perhaps unstated? – is that these things require and assume TLS 1.3. It’s not just crypto suites, but also things like David Benjamin’s proposed keyshare draft, and other stuff. If you have a wording suggestion, I’d love to hear it.I would suggest "For TLS, it is important to note that PQC efforts are exclusively for TLS 1.3 or later."
To me, the draft (even v3) is not clear on this point. At some point in future, PQ will become an urgent security issue, and the wording "outside of urgent security fixes" in the draft seems to imply that then we will start working on PQC for TLS 1.2. I suggest being explicit on this point.> This > document specifies that outside of urgent security fixes, no new > features will be approved for TLS 1.2.If the intention of draft was #2 above, cross-reading with this sentence, are we implying that PQC is not an urgent security issue?Given our finite resources, regardless of the urgency of the issue, the IETF TLS WG is not spending effort to “fix” TLS 1.2 And this document is intended to inform the community of that. So if you want to be PQ, step is one make sure you are using TLS 1.3
Usama
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ TLS mailing list -- tls@ietf.org To unsubscribe send an email to tls-le...@ietf.org
