Benjamin Kaduk has entered the following ballot position for draft-ietf-uta-tls-for-email-04: Abstain
When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-uta-tls-for-email/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- While I support the TLS version requirements changes that this document is making, I seem to be failing to find the discussion/explanation of why this document is needed in this format, as opposed to the changes being included as part of the updates in draft-ietf-tls-oldversions-deprecate. Also, I have some comments on the current text. Didn't a late review comment to the last-call on the -03 suggest to have the requirements here include "follow BCP 195" and get a positive response from an author? I don't see that change present in the -04. (A similar change was suggested nearly a year ago for the -01, in https://mailarchive.ietf.org/arch/msg/uta/6ZHi1RlE2CW3eLMub2HLXaiK8dY , but received no response.) Section 2 Please use the normal BCP 14 boilerplate from RFC 8174. Section 3 OLD: In Section 4.1, the text should be revised from: "It is RECOMMENDED that new users be required to use TLS version 1.1 or greater from the start. However, an MSP may find it necessary to make exceptions to accommodate some legacy systems that support only earlier versions of TLS or only cleartext." NEW: "It is RECOMMENDED that new users be required to use TLS version 1.2 There seems to be a mismatch regarding the presence of the "In Section 4.1, the text should be revised from" text. _______________________________________________ Uta mailing list Uta@ietf.org https://www.ietf.org/mailman/listinfo/uta
