On Wed, Jan 29, 2025 at 9:39 AM Salz, Rich <rs...@akamai.com> wrote:
> > > Small correction: BoringSSL has an implementation as of around November. > Our main DTLS application (WebRTC) is still in the process of integrating > it, so we may yet find that we messed something up, but in principle it's > working now. > > Thanks for that update, David. Are people okay with this sentence, adding > a new introductory clause: > As DTLS 1.3 is not widely available or deployed, > this prescription does not pertain to DTLS (in any DTLS version); > it pertains to > TLS only. > +1 It is a little interesting in that Section 3 still pertains to DTLS (we're not adding PQ to DTLS 1.2 either), Sections 4 and 5 do not (we're not requiring DTLS users move to DTLS 1.3 yet), while Section 6 still does (DTLS 1.3's late adoption does not make DTLS 1.2 magically more secure), but I think the text as-is fine. We're simply making no statement either way about DTLS right now. Though PQ means that DTLS 1.2's reprieve is just temporary. We still need to get to DTLS 1.3 for PQ. > > Second point is the text about NIST: > > I removed that section in the editor's draft[1]. I'll wait a week or two > before submitting in case the WG has concerns. > > [1] > https://richsalz.github.io/draft-use-tls13/#go.draft-rsalz-uta-require-tls13.html +1 to removing that text. A super minor nitpick: the text reads slightly funny now. The [PQC] citation is now attached to cryptographically-relevant quantum computers, rather than the post-quantum cryptography intended to be secure against said computers. It also reads like "these efforts" in the second paragraph refers to a CRQC rather than PQC. What if we added just one more sentence in? Something like... > Cryptographically-relevant quantum computers, once available, will > have a huge impact on TLS traffic. To mitigate this, TLS applications > will need to migrate to post-quantum cryptography [PQC]. > > For TLS it is important to note that the focus of these efforts is > TLS 1.3 or later [...] David
_______________________________________________ Uta mailing list -- uta@ietf.org To unsubscribe send an email to uta-le...@ietf.org
