Hi Rich,

Please check inline below for response with KT where I have included some suggestions:

On Mon, Mar 31, 2025 at 2:56 AM Salz, Rich <rs...@akamai.com> wrote:

> Thank you for the review.
>
> 1) Section 1
>
> "This document specifies that outside of urgent security fixes, and the
> exceptions listed in Section 4, no changes will be approved for TLS 1.2."
>
> Following the conversations, it seems like the goal is for IETF to not
> adopt or approve work related to TLS 1.2 except some (exceptional) cases
> of security issues that are agreed upon in the TLS WG. If so, text along
> those lines would help clear ambiguities.
>
> What do you think is ambiguous? “no changes will be approved”? By whom?
> Does changing the last phrase to be “the IETF will not approve any changes
> for TLS 1.2” clarify the ambiguity?

KT> Suggest: This document specifies that outside of urgent security fixes (as determined by TLS WG consensus), and the exceptions listed in Section 4, IETF will not approve any changes for TLS 1.2.

> 2) Section 2
>
> "Put bluntly, post-quantum cryptography for TLS 1.2 WILL NOT be supported
> (see Section 4) at any time and anyone wishing to deploy post-quantum
> cryptography should expect to be using TLS 1.3."
>
> The use of uppercase BCP14-like language tripped me as well. I believe the
> intention here is again that this work not be undertaken in the IETF (i.e.,
> enhancements related to PQC MUST NOT be specified by IETF?).
>
> Well this is a STD document so the UPPERCASE is okay. Same question as
> above, please explain what you see as the ambiguity. (This is a
> standards-track document, so presumably it’s binding on the IETF)

KT> Suggest: Work on post-quantum cryptography for TLS 1.2 MUST NOT be undertaken (see Section 4) in the IETF and anyone wishing to deploy post-quantum cryptography is expected to use TLS 1.3 (or newer).

> Is there something to be added in the IANA considerations with regards to
> guidance to DEs to follow the guidelines in this document and not make
> allocations for TLS 1.2 extensions that may come from outside the IETF
> standards track?
>
> I believe the IANA considerations section is quite clear: DO NOT ADD
> anything for 1.2. The wording there was worked out with IANA folks.

KT> I will leave it to the IANA team.

Thanks,
Ketan

> Finally a question, unrelated to this document, does the TLS WG charter
> need an update to capture some of this decision/direction?
>
> I do not know.