On Wed, Apr 9, 2025 at 1:15 AM Valery Smyslov <val...@smyslov.net> wrote:
> (speaking not as UTA chair)
>
> Hi Toerless,
>
> if we are talking about IOT devices, then I've been told a lot of times by
> more knowledgeable than I people that IOT devices mostly rely on DTLS and
> not on TLS. And DTLS is explicitly mentioned in the draft as being out of
> scope.

+1

Behcet

> Regards,
> Valery.
>
> > Dear IESG, *:
> >
> > We received IESG review for draft-ietf-anima-brski-prm that was asking to
> > make the use of TLS 1.3 mandatory based on the expectation that
> > draft-ietf-uta-require-tls13 would become RFC - unless we provide
> > sufficient justification in our (prm) draft.
> >
> > I would like to point out, that it is the current version of
> > draft-ietf-uta-require-tls13 whose core applicability reasoning is
> > misleading:
> >
> > "since TLS 1.3 use is widespread, ...
> > new protocols that use TLS must require and assume its existence
> >
> > This is not correct. Correct would be:
> >
> > "since TLS 1.3 use is widespread in browser, ...
> > new protocols that use browsers and TLS must require its use and assume
> > its existence,
> > protocols not using browsers must recommend its use and assume its
> > existence
> >
> > Recommending, but not requiring the use of TLS 1.3 is unfortunately
> > necessary for quite a while for the much larger space of IOT equipment
> > and protocols written for non-browser environments where IOT equipment is
> > important to be supported. Such IOT equipment often comes with SDK that
> > can not be upgraded for long periods of time, sometimes as long as 10
> > years or longer, and/or solutions where upgrade of SDK (including OS)
> > would require very expensive re-certification such as FIPS 140 or
> > required regulatory requirements.
> >
> > If you think this is not appropriate, then please stop flying planes,
> > because planes are one example of systems in which basic systems are not
> > possible to rewrite from scratch because they can not for various,
> > including financial reasons be re-qualified at such a base level.
> >
> > I hope other readers of this email worrying about being able to apply
> > IETF protocol standards to IOT environment can chime in on these concerns.
> >
> > Short of that, the above text is suggested re-write of the core
> > applicability point of the UTA draft. There may be other text to update.
> >
> > Cheers
> > Toerless
>
> --
> Iotops mailing list -- iot...@ietf.org
> To unsubscribe send an email to iotops-le...@ietf.org
_______________________________________________
Uta mailing list -- uta@ietf.org
To unsubscribe send an email to uta-le...@ietf.org