Special thanks to Valery Smyslov for the shepherd's write-up including the WG consensus ***but it lacks*** the justification of the intended status. It updated 9325, which is a BCP, so this must also be BCP.
Other thanks to Scott Rose, the DNS directorate reviewer, please consider this int-dir review and one typo: https://datatracker.ietf.org/doc/review-ietf-uta-require-tls13-10-dnsdir-telechat-rose-2025-03-27/ (and I have read the reply)

Already fixed in the editor’s copy.

## COMMENTS (non-blocking)

### Title

Should the title be "At Least v1.3 of TLS"?

The WG discussed this and since we don’t know what future versions will have, the consensus was not to do that.

### Abstract

The sentence about the example does not really fit an abstract, please remove.

It was a rewording in response to a SECDIR review. I will remove it from the abstract and leave it in the introduction.

Unsure how to read `fixed weaknesses in TLS 1.2`? I.e., if they are fixed, then why move to TLS 1.3?

Weakness refers to the deficiencies mentioned above (now with no explanation of what they are :). Not *all* weaknesses.

### Section 1

The first paragraph is somehow self-contradicting: "good security properties" vs. "several deficiencies" vs. "bespoke configuration".

I don’t see it. It CAN be good if you set the right configuration, but there are some fundamental deficiencies (e.g., no PQ, SNI in plaintext) that make it less good than using TLS 1.3.

### Section 4

I would remove the DoT counter-example, it is only confusing.

Given the recent IoT discussion on the last-call mailing list I want to keep it.

Isn't the set of crypto algorithms also part of the negotiation? I.e., a 'stupid' configuration could have TLS 1.2 with really good crypto and TLS 1.3 with average one (in a couple of years). Should the text mention this as well?

We don’t expect TLS 1.3 ciphers to become weak until there is a cryptographically relevant quantum computer. The TLS 1.3 choices pick the best of the TLS 1.2 list of available algorithms, so I don’t think your suggestion is valid.

### Section 6

While this section proposes mitigations to some attacks against TLS 1.2, it does not do so for *all* attacks, while section claims that bespoke configuration can fix all weaknesses of TLS 1.2.

I assume “while section [introduction] claims…”. It doesn’t say it can fix all weaknesses. It says you can get GOOD security.