Hi Rich,

My comment was based on the observation that the document discusses several aspects beyond directly modifying RFC 9325, as it also provides broader guidance on related topics.
For example:

1. Post-Quantum Cryptography (Section 3): While this is an important topic, its inclusion raises the question of whether the document's primary focus is solely updating RFC 9325 or if it also aims to serve as general guidance on TLS usage in a post-quantum context.
2. Security Considerations (Section 6): The discussion on TLS 1.2 vulnerabilities and attack mitigations is highly relevant, but it goes beyond simply justifying why new protocols should default to TLS 1.3. Instead, it provides a broader analysis of past security issues, which may extend beyond a strict update to RFC 9325.

If the intent is both to update RFC 9325 and provide broader guidance, it might be helpful to clarify this in the introduction or abstract.

Also, have you had a chance to review the suggestions made by Med in the following PR? GitHub Link<https://github.com/richsalz/draft-use-tls13/pull/6/files>.

Looking forward to your thoughts.

Best regards,
Samier Barguil

From: Salz, Rich <rs...@akamai.com>
Sent: Saturday, March 22, 2025 8:24 AM
To: Samier Barguil Giraldo (Nokia) <samier.barguil_gira...@nokia.com>; ops-...@ietf.org
Cc: draft-ietf-uta-require-tls13....@ietf.org; last-c...@ietf.org; uta@ietf.org
Subject: Re: Opsdir telechat review of draft-ietf-uta-require-tls13-06

Thanks for the review.

- The Abstract states that this document updates RFC 9325. However, in Section 5, the changes are explained, but it is unclear whether the sole intent of this document is to introduce these updates or if it has a broader scope, as other related topics are also discussed.

Can you give an example of something that is beyond the scope of updating 9325? I believe the other related topics are rationale and justification.

- In the following paragraph, does "these efforts" refer to the efforts of this draft specifically, or does it refer to broader cryptographic industry/technology efforts?

"For TLS, it is important to note that the focus of these efforts is TLS 1.3 or later, and that TLS 1.2 will not be supported (see [TLS12FROZEN]). This is one more reason for new protocols to default to TLS 1.3, where PQC is actively being standardized, as this gives new applications the option to use PQC."

Samier