Work on post-quantum cryptography for TLS 1.2 SHOULD NOT be undertaken (see Section 4) in the IETF and anyone wishing to deploy post-quantum cryptography is expected to use TLS 1.3 (or newer). Related work MAY be taken up by the TLS WG consensus in exceptional scenarios.
The consensus of the WG is “WILL NOT”. That is clear and more definitive than SHOULD. The last sentence seems superfluous given the early mention of “only security issues.” The WG also discussed the “or later” construct and decided against it since we don’t know what 1.3-next will have. Taken together, that leaves us with the current wording. BCP14 keywords are recognized industry-wide (not just within IETF). IMHO it would be helpful if the message is clear using those keywords. I'll leave this to my SEC AD colleagues :-) Sure.
_______________________________________________ TLS mailing list -- tls@ietf.org To unsubscribe send an email to tls-le...@ietf.org
