Hiya,

On 20/02/2020 01:34, Benjamin Kaduk via Datatracker wrote:
> Benjamin Kaduk has entered the following ballot position for
> draft-ietf-uta-tls-for-email-04: Abstain
>
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
>
>
> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
>
>
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-uta-tls-for-email/
>
>
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> While I support the TLS version requirements changes that this document
> is making, I seem to be failing to find the discussion/explanation of
> why this document is needed in this format, as opposed to the changes
> being included as part of the updates in
> draft-ietf-tls-oldversions-deprecate.

This one was spawned off from that on the basis of some list
discussion or other some time ago. TBH, I forget the details,
but vaguely recall those being fine and of the usual level of
(un)importance as such things go. It may have been a feeling
that this might delay draft-ietf-tls-oldversions-deprecate.
Oddly, the UTA document somehow seems to have gotten ahead of
the TLS one in the meantime:-)

> Also, I have some comments on the current text.
>
> Didn't a late review comment to the last-call on the -03 suggest to have
> the requirements here include "follow BCP 195" and get a positive
> response from an author? I don't see that change present in the -04.
> (A similar change was suggested nearly a year ago for the -01, in
> https://mailarchive.ietf.org/arch/msg/uta/6ZHi1RlE2CW3eLMub2HLXaiK8dY ,
> but received no response.)

Yes. We've not done edits since then. Probably best to process
all the IESG comments at once when we've got 'em all, and we'll
include those below in that,

Cheers,
S.

>
> Section 2
>
> Please use the normal BCP 14 boilerplate from RFC 8174.
>
> Section 3
>
> OLD:
>
> In Section 4.1, the text should be revised from: "It is RECOMMENDED
> that new users be required to use TLS version 1.1 or greater from the
> start. However, an MSP may find it necessary to make exceptions to
> accommodate some legacy systems that support only earlier versions of
> TLS or only cleartext."
>
> NEW:
>
> "It is RECOMMENDED that new users be required to use TLS version 1.2
>
> There seems to be a mismatch regarding the presence of the "In Section
> 4.1, the text should be revised from" text.
>
>
> _______________________________________________
> Uta mailing list
> Uta@ietf.org
> https://www.ietf.org/mailman/listinfo/uta
>