Hi, I have reviewed the draft and I have some comments. If these are fixed I think the document is ready for publishing.

Major:

>This SHOULD be TLS 1.3 or TLS 1.2, depending on the circumstances
>described in the above paragraphs.

This could be interpreted as TLS 1.1 can be supported on a SHOULD NOT level. This must be rewritten to align with BCP 195, which states:

"TLS 1.1 MUST NOT be used. Negotiation of TLS 1.1 from any version of TLS MUST NOT be permitted."

Anything opening up for supporting or using TLS 1.1 is not ok.

Minor:

>TLS 1.2 is in widespread use

This will not age well. I suggest removing widespread.

>Cryptographically-relevant quantum computers, once available,
>will have a huge impact on TLS.

CRQCs will have a huge impact on TLS before they exist. Hopefully they will not have any impact on TLS when/if they exist as TLS then is 100% quantum-resistant.

>In 2016, the US National Institute of
>Standards and Technology (NIST) started a multi-year effort to
>standardize algorithms that will be "safe" once quantum computers are
>feasible [PQC]. First IETF discussions happened around the same time
>[CFRGSLIDES]. While the industry is waiting for NIST to finish
>standardization, the
>IETF has several efforts underway.

This seems a bit outdated now. The most important info should be that NIST in 2024 standardized ML-KEM, ML-DSA, and SLH-DSA in FIPS 203-205. I think you should have links to these.

>Any new protocol that uses TLS MUST specify as its default TLS 1.3.

This does not age well if TLS 1.4 is done. I suggest changing to 1.3 or later.

Cheers,
John

On 2024-12-04, 07:47, "Valery Smyslov" <val...@smyslov.net> wrote:

Hi,

this message starts a two-week Working Group Last Call for draft-ietf-uta-require-tls13-02 (New Protocols Must Require TLS 1.3).

The WGLC will end on December 17, 2024. Please send your comments to the list.

Note that TLS WG has issued a WGLC for draft-ietf-tls-tls12-frozen-02 (TLS 1.2 is in Feature Freeze) [1]. You may want to review both documents at the same time since they are related.

Regards,
Valery.

[1] https://mailarchive.ietf.org/arch/msg/tls/9zfFeYd9r393rEnIwzq0CDyMZTM/