Adam,

Thanks for your comments. The WG discussed the question of guidance for key rotation and came to the conclusion that we didn't have much useful to say as a consensus matter, so we opted to remain silent.
-Ekr

On Wed, Mar 5, 2025 at 12:45 PM Adam Montville via Datatracker <nore...@ietf.org> wrote:

> Reviewer: Adam Montville
> Review result: Ready
>
> Based on my review of this draft I would classify it as "ready" for
> publication, with some minor caveats that don’t fundamentally undermine its
> readiness. The draft defines a clear, well-specified mechanism for encrypting
> the ClientHello. It leverages established cryptographic primitives and
> preserves existing TLS 1.3 security properties. The threat model is thoroughly
> addressed with a formal analysis documented in a reference.
>
> If it is possible (possibly not in this draft) to offer more detailed
> operational guidance on key rotation, that would be helpful. There are some
> points in the document that might allude to implementation-specific
> configuration choices. Implementations would ideally expose these choices to
> operators so they can make the best possible choices for their needs.
_______________________________________________
TLS mailing list -- tls@ietf.org
To unsubscribe send an email to tls-le...@ietf.org