(speaking not as UTA chair)

Hi Toerless,

if we are talking about IOT devices, then I've been told a lot of times by people more knowledgeable than I that IOT devices mostly rely on DTLS and not on TLS. And DTLS is explicitly mentioned in the draft as being out of scope.

Regards,
Valery.

> Dear IESG, *:
>
> We received IESG review for draft-ietf-anima-brski-prm that was asking to make
> the use of TLS 1.3 mandatory based on the expectation that
> draft-ietf-uta-require-tls13 would become RFC - unless we provide sufficient
> justification in our (prm) draft.
>
> I would like to point out, that it is the current version of
> draft-ietf-uta-require-tls13 whose core applicability reasoning is misleading:
>
> "since TLS 1.3 use is widespread, ...
> new protocols that use TLS must require and assume its existence"
>
> This is not correct. Correct would be:
>
> "since TLS 1.3 use is widespread in browser, ...
> new protocols that use browsers and TLS must require its use and assume its
> existence,
> protocols not using browsers must recommend its use and assume its existence"
>
> Recommending, but not requiring the use of TLS 1.3 is unfortunately necessary for
> quite a while for the much larger space of IOT equipment and protocols written for
> non-browser environments where IOT equipment is important to be supported.
> Such IOT equipment often comes with SDK that can not be upgraded for long
> periods of time, sometimes as long as 10 years or longer, and/or solutions where
> upgrade of SDK (including OS) would require very expensive re-certification such
> as FIPS 140 or required regulatory requirements.
>
> If you think this is not appropriate, then please stop flying planes, because planes
> are one example of systems in which basic systems are not possible to rewrite
> from scratch because they can not for various, including financial reasons be
> re-qualified at such a base level.
>
> I hope other readers of this email worrying about being able to apply IETF protocol
> standards to IOT environment can chime in on these concerns.
>
> Short of that, the above text is a suggested re-write of the core applicability point of
> the UTA draft. There may be other text to update.
>
> Cheers
> Toerless