The draft is at https://datatracker.ietf.org/doc/draft-rsalz-uta-require-tls13/ and it's maintained on GitHub at https://github.com/richsalz/tls12-frozen (there are two documents in that repo).
The draft updates RFC 9325 in the following way:

    Any new protocol that uses TLS MUST specify as its default TLS 1.3 (or a higher TLS version, when one becomes standardized). For example, QUIC [QUICTLS] <https://richsalz.github.io/tls12-frozen/draft-rsalz-uta-require-tls13.html#QUICTLS> requires TLS 1.3 and specifies that endpoints MUST terminate the connection if an older version is used. If deployment considerations are a concern, the protocol MAY specify TLS 1.2 as an additional, non-default option. As a counter-example, the Usage Profile for DNS over TLS [DNSTLS] <https://richsalz.github.io/tls12-frozen/draft-rsalz-uta-require-tls13.html#DNSTLS> specifies TLS 1.2 as the default, while also allowing TLS 1.3. For newer specifications that choose to support TLS 1.2, those preferences are to be reversed.

One motivation is that TLS is in a call for adoption of a "TLS 1.2 is frozen" draft, which specifies that no new features, in particular *post-quantum crypto*, will be added to TLS 1.2. As PQC is now a hot topic, it might be worth firming up the advice to applications.
_______________________________________________ Uta mailing list Uta@ietf.org https://www.ietf.org/mailman/listinfo/uta
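The rule quoted above (TLS 1.3 by default, TLS 1.2 only as an explicit non-default opt-in, anything older refused the way QUIC refuses it) is easy to state and easy to get wrong in an implementation, so here is the server-side version selection written out as an added example. This is not code from the draft, the thread, or any TLS library: it is a deliberately minimal ClientHello parser plus the policy check, and the sample ClientHellos it runs on are constructed in the block (the `build_client_hello` helper, `select_version` and `allow_tls12` are names chosen here, not anything the draft defines).

```python
"""Draft's version policy applied to a TLS ClientHello (illustrative, not from the draft)."""
import struct
from typing import List, Optional

TLS11 = 0x0302
TLS12 = 0x0303
TLS13 = 0x0304
EXT_SUPPORTED_VERSIONS = 43   # RFC 8446 section 4.2.1


def build_client_hello(legacy_version: int, supported_versions=None) -> bytes:
    """Construct a minimal ClientHello handshake message (constructed test input).

    Layout: type(1) | length(3) | legacy_version(2) | random(32) | session_id |
    cipher_suites | compression_methods | extensions.
    """
    body = struct.pack("!H", legacy_version)
    body += b"\x00" * 32                               # random: zeros are fine for a parser test
    body += b"\x00"                                    # empty session_id
    body += struct.pack("!H", 2) + b"\x13\x01"         # one suite: TLS_AES_128_GCM_SHA256
    body += b"\x01\x00"                                # compression_methods: null only
    exts = b""
    if supported_versions:
        vlist = b"".join(struct.pack("!H", v) for v in supported_versions)
        ext_data = struct.pack("!B", len(vlist)) + vlist
        exts += struct.pack("!HH", EXT_SUPPORTED_VERSIONS, len(ext_data)) + ext_data
    body += struct.pack("!H", len(exts)) + exts
    return b"\x01" + struct.pack("!I", len(body))[1:] + body   # handshake type 1, 3-byte length


def offered_versions(client_hello: bytes) -> List[int]:
    """Return the protocol versions a ClientHello offers, in the order offered.

    A TLS 1.3 client lists them in the supported_versions extension; a client
    without that extension only sets legacy_version, which is then its sole offer.
    """
    if len(client_hello) < 4 or client_hello[0] != 1:
        raise ValueError("not a ClientHello handshake message")
    pos = 4
    legacy_version = struct.unpack_from("!H", client_hello, pos)[0]
    pos += 2 + 32                                                 # legacy_version + random
    pos += 1 + client_hello[pos]                                  # session_id
    pos += 2 + struct.unpack_from("!H", client_hello, pos)[0]     # cipher_suites
    pos += 1 + client_hello[pos]                                  # compression_methods
    if pos >= len(client_hello):
        return [legacy_version]                                   # no extensions block at all
    ext_len = struct.unpack_from("!H", client_hello, pos)[0]
    pos += 2
    end = pos + ext_len
    while pos + 4 <= end:
        ext_type, length = struct.unpack_from("!HH", client_hello, pos)
        pos += 4
        if ext_type == EXT_SUPPORTED_VERSIONS:
            n = client_hello[pos]
            data = client_hello[pos + 1:pos + 1 + n]
            return [struct.unpack_from("!H", data, i)[0] for i in range(0, n, 2)]
        pos += length
    return [legacy_version]


def select_version(client_hello: bytes, allow_tls12: bool = False) -> Optional[int]:
    """Apply the draft's rule: TLS 1.3 is the default; TLS 1.2 is accepted only
    when the application explicitly opted in; otherwise return None, i.e. send a
    protocol_version alert and terminate the connection."""
    offered = offered_versions(client_hello)
    if TLS13 in offered:
        return TLS13
    if allow_tls12 and TLS12 in offered:
        return TLS12
    return None


if __name__ == "__main__":
    modern = build_client_hello(TLS12, [TLS13, TLS12])   # what a TLS 1.3 client sends
    legacy = build_client_hello(TLS12)                   # a TLS 1.2-only client, no extension
    print(hex(select_version(modern)), select_version(legacy), select_version(legacy, True))
```

The default call refuses a 1.2-only client; the application has to pass `allow_tls12=True` to get the non-default behaviour the draft permits, which keeps the opt-in visible at the call site rather than buried in a library default.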