Hi Viktor,

That works for me. I'll wait for the Chairs to ask for a new version before publishing.

Best regards,
Chris

On Tue, Sep 19, 2023 at 12:39 PM Viktor Dukhovni <ietf-d...@dukhovni.org> wrote:

> On Tue, Sep 19, 2023 at 07:25:51AM -0400, Chris Lonvick wrote:
>
> > I think that the changes to Sections 4 and 5 should be limited to
> > replacing "MUST NOT" with "SHOULD NOT". That will provide clear
> > guidance for implementers.
> >
> > I was then thinking of changing the Security Considerations section to the
> > following:
> > ---vvv---
> > 10. Security Considerations
> >
> > [BCP195] deprecates an insecure DTLS transport protocol from
> > [RFC6012] and deprecates insecure cipher suites from [RFC5425] and
> > [RFC6012]. This document specifies mandatory to implement cipher
> > suites to those RFCs and the latest version of the DTLS protocol to
> > [RFC6012].
>
> The above reads a bit clumsy, perhaps something along the lines of:
>
> OLD: This document specifies mandatory to implement cipher
>      suites to those RFCs and the latest version of the DTLS
>      protocol to [RFC6012].
>
> NEW: This document updates the mandatory to implement cipher
>      suites to conform with those RFCs and the latest version
>      of the DTLS protocol [RFC6012].
>
> > The insecure cipher suites SHOULD NOT be offered. If a device
> > currently only has an insecure cipher suite, an administrator of the
> > network should evaluate the conditions and determine if the insecure
> > cipher suite should be allowed so that syslog messages may continue
> > to be delivered until the device is updated to have a secure cipher
> > suite.
> > ---^^^---
> >
> > Please comment and suggest any further edits for WG review.
>
> Modulo word-smithing, this is generally acceptable. Prohibition of the
> weaker code points, rather than promotion of their replacements isn't
> [RFC7435] my most preferred approach to improving security, but it'll
> have to do when consensus that raising the ceiling will suffice is not
> within reach. Thanks for taking my comments into consideration.
>
> --
> Viktor.
>
> _______________________________________________
> Uta mailing list
> Uta@ietf.org
> https://www.ietf.org/mailman/listinfo/uta
>