Hi Rich,
Although the sentiment is laudable, it's not clear to me:
(1) Who the audience is for this document.
(2) Whether this document is really needed.
If the audience is IETF participants (especially those who could approve
work items for adding features to TLS 1.2, such as the chairs of the TLS
WG), then I'm not convinced we need this document. My reasoning is that
such people (a) already know that it isn't wise to add new features to
TLS 1.2 (cf. RFC 9325) and (b) don't need an informational RFC to help
them justify a decision to deny work on new TLS 1.2 features.
If the audience is folks outside the IETF who might design new TLS 1.2
features (who are these people or SDOs?), then working with them 1:1
seems more productive than publishing an informational RFC.
tl;dr although I see no active harm in publishing a document like this,
I also doubt the wisdom of spending WG/AD/IESG cyles on it.
Peter
On 10/5/23 1:42 PM, Salz, Rich wrote:
Dear UTA WG,
We would like the WG to adopt this draft. Last IETF we presented
https://datatracker.ietf.org/doc/draft-rsalz-tls-tls12-frozen/ to the TLS WG, and the
suggestion was to split out the application-protocol parts and submit it to UTA. So here
you go. The title says it all "New Protocols must require TLS 1.3". Existing
protocols MAY use TLS 1.2 but should prefer 1.3
There is some duplication between this doc and the other one, which we will
address once both are adopted.
On 10/5/23, 3:36 PM, "internet-dra...@ietf.org <mailto:internet-dra...@ietf.org>"
<internet-dra...@ietf.org <mailto:internet-dra...@ietf.org>> wrote:
A new version of Internet-Draft draft-rsalz-uta-require-tls13-00.txt has been
successfully submitted by Rich Salz and posted to the
IETF repository.
Name: draft-rsalz-uta-require-tls13
Revision: 00
Title: New Protocols Must Require TLS 1.3
Date: 2023-10-05
Group: Individual Submission
Pages: 8
URL: https://www.ietf.org/archive/id/draft-rsalz-uta-require-tls13-00.txt
Status: https://datatracker.ietf.org/doc/draft-rsalz-uta-require-tls13/
HTML: https://www.ietf.org/archive/id/draft-rsalz-uta-require-tls13-00.html
HTMLized: https://datatracker.ietf.org/doc/html/draft-rsalz-uta-require-tls13
Abstract:
TLS 1.2 is in widespread use and can be configured such that it
provides good security properties. TLS 1.3 is also in widespread use
and fixes some known deficiencies with TLS 1.2, such as removing
error-prone cryptographic primitives and encrypting more of the
traffic so that it is not readable by outsiders.
Since TLS 1.3 use is widespread, new protocols must require and
assume its existence. This prescription does not pertain to DTLS (in
any DTLS version); it pertains to TLS only.
The IETF Secretariat
_______________________________________________
Uta mailing list
Uta@ietf.org
https://www.ietf.org/mailman/listinfo/uta
_______________________________________________
Uta mailing list
Uta@ietf.org
https://www.ietf.org/mailman/listinfo/uta
