On Tue, Apr 8, 2025 at 9:06 AM Toerless Eckert <t...@cs.fau.de> wrote:

> Dear IESG, *:
>
> We received IESG review for draft-ietf-anima-brski-prm that was asking to
> make the use of TLS 1.3 mandatory based on the expectation that
> draft-ietf-uta-require-tls13 would become RFC - unless we provide
> sufficient justification in our (prm) draft.
>
> I would like to point out that it is the current version of
> draft-ietf-uta-require-tls13 whose core applicability reasoning is
> misleading:
>
> "since TLS 1.3 use is widespread, ...
>    new protocols that use TLS must require and assume its existence
>
> This is not correct. Correct would be is:
>
> "since TLS 1.3 use is widespread in browser, ...
>    new protocols that use browsers and TLS must require its use and assume
> its existence,
>    protocols not using browsers must recommend its use and assume its
> existance
>

I don't agree that this change is indicated. TLS 1.3 is far more widespread
than just in browsers. It's been in major libraries for years and is
supported in the Windows, MacOS, iOS, and Android stacks. This is not to say
that there aren't environments which don't support TLS 1.3, but it's far
more than just browsers.

> Recommending, but not requiring the use of TLS 1.3 is unfortunately
> necessary for quite a while for the much larger space of IOT equipment and
> protocols written for non-browser environments where IOT equipment is
> important to be supported.
> Such IOT equipment often comes with SDK that can not be upgraded for long
> periods of time, sometimes as long as 10 years or longer, and/or solutions
> where upgrade of SDK (including OS) would require very expensive
> re-certification such as FIPS 140 or required regulatory requirements.
>

> If you think this is not appropriate, then please stop flying planes,
> because planes are one example of systems in which basic systems are not
> possible to rewrite from scratch because they can not for various,
> including financial reasons be re-qualified at such a base level.
>

As Alan observes, we are talking about levies on new protocols, not
existing protocols. These should be deployed with TLS 1.3 for the reasons
indicated in this draft.

-Ekr
_______________________________________________
Uta mailing list -- uta@ietf.org
To unsubscribe send an email to uta-le...@ietf.org