On Thu, Apr 10, 2025 at 11:59 AM Eric Rescorla <e...@rtfm.com> wrote:
>
> On Thu, Apr 10, 2025 at 11:41 AM Jared Mauch <ja...@puck.nether.net> wrote:
>
>> On Tue, Apr 08, 2025 at 06:05:22PM +0200, Toerless Eckert wrote:
>> > Dear IESG, *:
>> >
>> > We received IESG review for draft-ietf-anima-brski-prm that was asking to
>> > make the use of TLS 1.3 mandatory based on the expectation that draft-ietf-uta-require-tls13
>> > would become RFC - unless we provide sufficient justification in our (prm) draft.
>> >
>> > I would like to point out, that it is the current version of draft-ietf-uta-require-tls13
>> > whose core applicability reasoning is misleading:
>> >
>> > "since TLS 1.3 use is widespread, ...
>> > new protocols that use TLS must require and assume its existence
>> >
>> > This is not correct. Correct would be:
>> >
>> > "since TLS 1.3 use is widespread in browser, ...
>> > new protocols that use browsers and TLS must require its use and assume its existence,
>> > protocols not using browsers must recommend its use and assume its existence
>> >
>>
>> The internet is not all HTTP transport, I'm not sure how to
>> clearly get this message through the IETF.
>>
>> It seems this is all that the IETF seems to think exists, hence
>> DoH and other things without updating the host RFC to mandate these
>> other behaviors.
>>
>> Last I checked the packets got to/from the servers via routing
>> protocols that did not use TLS, nor does the routing protocol require
>> the privacy that TLS provides, as I raised in the security area
>> meetings previously.
>>
>
> I'm certainly aware of this, having spent quite a bit of time working
> on applications that run over UDP.
>

Apologies for the editing glitch. This text was supposed to respond to
"The Internet is not all HTTP transport".

-Ekr
_______________________________________________
Uta mailing list -- uta@ietf.org
To unsubscribe send an email to uta-le...@ietf.org