Thank you for the review.
1) Section 1 "This document specifies that outside of urgent security fixes, and the exceptions listed in Section 4, no changes will be approved for TLS 1.2." Following the conversations, it seems like the goal is for IETF to not adopt or approve work related to TLS 1.2 except some (exceptional) cases of security issues that are agreed upon in the TLS WG. If so, text along those lines would help clear ambiguities. What do you think is ambiguous? “no changes will be approved”? By whom? Does changing the last phrase to be “the IETF will not approve any changes for TLS 1.2” clarify the ambiguity? 2) Section 2 "Put bluntly, post-quantum cryptography for TLS 1.2 WILL NOT be supported (see Section 4) at any time and anyone wishing to deploy post-quantum cryptography should expect to be using TLS 1.3." The use of uppercase BCP14-like language tripped me as well. I believe the intention here is again that this work not be undertaken in the IETF (i.e., enhancements related to PQC MUST NOT be specified by IETF?). Will this is a STD document so the UPPERCASE is okay. Same question as above, please explain what you see as the ambiguity. (This is a standards-track document, so presumably it’s binding on the IETF) Is there something to be added in the IANA considerations with regards to guidance to DEs to follow the guidelines in this document and not make allocations for TLS 1.2 extensions that may come from outside the IETF standards track? I believe the IANA considerations section is quite clear: DO NOT ADD anything for 1.2. The wording there was worked out with IANA folks. Finally a question, unrelated to this document, does the TLS WG charter need an update to capture some of this decision/direction? I do not know.
_______________________________________________ TLS mailing list -- tls@ietf.org To unsubscribe send an email to tls-le...@ietf.org
