(chair hat off) I read the draft, it looks good to me.
OS

On Wed, Dec 6, 2023 at 10:21 AM Salz, Rich <rsalz=40akamai....@dmarc.ietf.org> wrote:

> The draft is at https://datatracker.ietf.org/doc/draft-rsalz-uta-require-tls13/ and it’s maintained on GitHub at https://github.com/richsalz/tls12-frozen. There are two documents in that repo.
>
> The draft updates RFC 9325 in the following way:
>
> Any new protocol that uses TLS MUST specify as its default TLS 1.3 (or a higher TLS version, when one becomes standardized). For example, QUIC [QUICTLS <https://richsalz.github.io/tls12-frozen/draft-rsalz-uta-require-tls13.html#QUICTLS>] requires TLS 1.3 and specifies that endpoints MUST terminate the connection if an older version is used.
>
> If deployment considerations are a concern, the protocol MAY specify TLS 1.2 as an additional, non-default option. As a counter example, the Usage Profile for DNS over TLS [DNSTLS <https://richsalz.github.io/tls12-frozen/draft-rsalz-uta-require-tls13.html#DNSTLS>] specifies TLS 1.2 as the default, while also allowing TLS 1.3. For newer specifications that choose to support TLS 1.2, those preferences are to be reversed.
>
> One motivation is that TLS is in a call for adoption of a “TLS 1.2 is frozen” draft which specifies that no new features, in particular **post-quantum crypto**, will be added to TLS 1.2. As PQC is now a hot topic, it might be worth firming up the advice to applications.
>
> _______________________________________________
> Uta mailing list
> Uta@ietf.org
> https://www.ietf.org/mailman/listinfo/uta

--
ORIE STEELE
Chief Technology Officer
www.transmute.industries <https://transmute.industries>
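As an added illustration that is not part of the thread or of the draft, the following Python snippet shows what the quoted rule ("TLS 1.3 as the default, TLS 1.2 only as an explicit, non-default option") looks like as an `ssl.SSLContext` policy, together with a small lint that flags a context which either still enables legacy versions or caps itself below TLS 1.3. The function names (`make_context`, `check_policy`, `compliant`) are this example's own; the code only uses the standard library and assumes an OpenSSL build with TLS 1.3 support.

```python
import ssl

# Versions that neither the draft nor RFC 9325 (BCP 195) permit for new protocols.
# (This set is the example's own policy constant, not something the draft names.)
LEGACY_VERSIONS = {
    ssl.TLSVersion.SSLv3,
    ssl.TLSVersion.TLSv1,
    ssl.TLSVersion.TLSv1_1,
}


def make_context(server_side: bool = False, allow_tls12: bool = False) -> ssl.SSLContext:
    """Build a context whose floor is TLS 1.3 unless the caller explicitly
    opts into TLS 1.2, mirroring the draft's "additional, non-default option".
    """
    purpose = ssl.Purpose.CLIENT_AUTH if server_side else ssl.Purpose.SERVER_AUTH
    ctx = ssl.create_default_context(purpose)
    # The opt-in is a keyword the caller must set; the default stays TLS 1.3.
    ctx.minimum_version = (
        ssl.TLSVersion.TLSv1_2 if allow_tls12 else ssl.TLSVersion.TLSv1_3
    )
    # Leave the ceiling open so a future, higher TLS version is used automatically,
    # as the draft's "(or a higher TLS version ...)" wording anticipates.
    ctx.maximum_version = ssl.TLSVersion.MAXIMUM_SUPPORTED
    return ctx


def check_policy(ctx: ssl.SSLContext) -> dict:
    """Report how a context relates to the draft's rule (lint only, no I/O)."""
    floor = ctx.minimum_version
    ceiling = ctx.maximum_version
    return {
        # TLS 1.3 is the floor, i.e. the default for this context.
        "tls13_default": floor == ssl.TLSVersion.TLSv1_3,
        # TLS 1.2 is accepted, which the draft allows only as an explicit opt-in.
        "tls12_opt_in": floor == ssl.TLSVersion.TLSv1_2,
        # Anything older than TLS 1.2 (or "whatever OpenSSL allows") is a finding.
        "legacy_enabled": floor in LEGACY_VERSIONS
        or floor == ssl.TLSVersion.MINIMUM_SUPPORTED,
        # A ceiling below TLS 1.3 would silently pin the connection to TLS 1.2.
        "tls13_reachable": ceiling in (
            ssl.TLSVersion.TLSv1_3,
            ssl.TLSVersion.MAXIMUM_SUPPORTED,
        ),
    }


def compliant(ctx: ssl.SSLContext) -> bool:
    """True when the context follows the draft: TLS 1.3 reachable, no legacy
    versions, and the floor is either TLS 1.3 (default) or TLS 1.2 (opt-in)."""
    r = check_policy(ctx)
    return (
        r["tls13_reachable"]
        and not r["legacy_enabled"]
        and (r["tls13_default"] or r["tls12_opt_in"])
    )


if __name__ == "__main__":
    for label, ctx in (
        ("default (TLS 1.3 floor)", make_context()),
        ("opt-in (TLS 1.2 floor)", make_context(allow_tls12=True)),
    ):
        print(label, check_policy(ctx), "compliant:", compliant(ctx))
    # A context that opts into TLS 1.2 but also caps at TLS 1.2 fails the lint:
    pinned = make_context(allow_tls12=True)
    pinned.maximum_version = ssl.TLSVersion.TLSv1_2
    print("pinned to TLS 1.2", check_policy(pinned), "compliant:", compliant(pinned))
```

The lint deliberately treats `MINIMUM_SUPPORTED` as a finding: it means "whatever the linked OpenSSL allows", so the effective floor depends on the build and crypto policy rather than on the application, which is the opposite of the explicit default the draft asks new protocols to state.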