One of the things we need to be honest with ourselves about is that telling 
people not to do it won’t prevent them from doing it.

 

So this decision is saying that WHEN people decide to do PQC with TLS 1.2, they 
will be doing so without IETF guidance about how to do it. If this is the path 
we choose, we need to be ok with that.

 

I’m somewhat ok with that, but it does concern me and cause me to wonder if 
there’s something better we can do.

 

-Tim

 

From: Salz, Rich <rsalz=40akamai....@dmarc.ietf.org> 
Sent: Tuesday, December 10, 2024 11:48 AM
To: Muhammad Usama Sardar <muhammad_usama.sar...@tu-dresden.de>; Valery Smyslov 
<smyslov.i...@gmail.com>; 'Sean Turner' <s...@sn3rd.com>; 'TLS List' 
<tls@ietf.org>
Subject: [TLS] Re: Working Group Last Call for TLS 1.2 is in Feature Freeze

 

 

I would suggest "For TLS, it is important to note that PQC efforts are 
exclusively for TLS 1.3 or later." 

To me, the draft (even v3) is not clear on this point. At some point in future, 
PQ will become an urgent security issue, and the wording "outside of urgent 
security fixes" in the draft seems to imply that then we will start working on 
PQC for TLS 1.2. I suggest being explicit on this point. 

How about this:

For TLS it is important to note that the focus of these efforts is exclusively 
TLS 1.3 or later. Put bluntly, post-quantum cryptography for TLS 1.2 WILL NOT 
be supported (see {{iana}}) at any time and anyone wishing to deploy 
post-quantum cryptography should expect to be using TLS 1.3.

 
