Hi Rich,
OK, now I'm commenting on the appropriate document:
On 10/5/23 1:42 PM, Salz, Rich wrote:
Name: draft-rsalz-uta-require-tls13
Revision: 00
Title: New Protocols Must Require TLS 1.3
RFC 9325 / BCP 195 states:
* New transport protocols that integrate the TLS/DTLS handshake
protocol and/or record layer MUST use only TLS/DTLS 1.3 (for
instance, QUIC [RFC9001] took this approach). New application
protocols that employ TLS/DTLS for channel or session encryption
MUST integrate with both TLS/DTLS versions 1.2 and 1.3;
nevertheless, in rare cases where broad interoperability is not a
concern, application protocol designers MAY choose to forego TLS
1.2.
Rationale: Secure deployment of TLS 1.3 is significantly easier
and less error prone than secure deployment of TLS 1.2. When
designing a new secure transport protocol such as QUIC, there is
no reason to support TLS 1.2. By contrast, new application
protocols that reuse TLS need to support both TLS 1.3 and TLS 1.2
in order to take advantage of underlying library or operating
system support for both versions.
That text was carefully crafted here in the UTA WG and became IETF
consensus as of ~1 year ago.
IMHO any document that modifies the consensus can't be informational and
must instead update RFC 9325 and become part of BCP 195.
Further, such a document should indicate precisely how it has modified
the consensus in RFC 9325, which draft-rsalz-uta-require-tls13 doesn't
yet do.
Peter
_______________________________________________
Uta mailing list
Uta@ietf.org
https://www.ietf.org/mailman/listinfo/uta
