Thanks, Med

I did understand your reply and appreciate it, I just felt that I'd also
raise my concerns against the IMHO inappropriate, too-broad requirements raised by
the ULA draft, whether or not they would ultimately apply to our anima draft or not
(e.g.: wrt "entirely new" for example).

See my last reply to Eric for a more comprehensive explanation of the root problem I am
worried about with the ULA draft applicability.

 https://mailarchive.ietf.org/arch/msg/last-call/K86DDkExYoP0hUCjk77MH8SCbkI/

E.g.: The whole premise of thinking only about "entirely new protocol" is IMHO wrong.
The problem is "not entirely new systems or deployments" vs. "incremental adding
of new additional software to existing (legacy) systems". Such as new OPS
protocols from anima, suit, opsawg, ...

And it's specifically painful because it's easy to see how to avoid this conflict
(per-app versioning of SDK for example), but also knowing that this is not
widely used in the industry for TLS...

*sigh* ;-))

Cheers
    Toerless

On Tue, Apr 08, 2025 at 04:53:28PM +0000, mohamed.boucad...@orange.com wrote:
> Hi Toerless, all,
> 
> Please see inline one clarification comment as I think that is important.
> 
> Cheers,
> Med
> 
> > -----Original Message-----
> > From: Toerless Eckert <t...@cs.fau.de>
> > Sent: Tuesday, 8 April 2025 18:05
> > To: draft-ietf-uta-require-tls13....@ietf.org; last-c...@ietf.org;
> > uta@ietf.org; i...@ietf.org
> > Cc: iot...@ietf.org; an...@ietf.org; draft-ietf-anima-brski-p...@ietf.org
> > Subject: Concern about draft-ietf-uta-require-tls13-10 with IoT
> > protocols
> > 
> > 
> > Dear IESG, *:
> > 
> > We received IESG review for draft-ietf-anima-brski-prm that was
> > asking to make the use of TLS 1.3 mandatory based on the
> > expectation that draft-ietf-uta-require-tls13 would become RFC -
> 
> [Med] I guess you were referring to a comment I made. If so, that's not 
> exactly reflecting my comment. I'm copying/pasting here, fwiw; 
> 
> ================
> > >
> > > # Requires TLS1.3
> > >
> > > CURRENT:
> > >    As already stated in [RFC8995], the use of TLS 1.3 (or newer) is
> > >    encouraged.  TLS 1.2 or newer is REQUIRED on the Registrar-Agent
> > >    side.  TLS 1.3 (or newer) SHOULD be available on the registrar, but
> > >    TLS 1.2 MAY be used.  TLS 1.3 (or newer) SHOULD be available on the
> > >    MASA, but TLS 1.2 MAY be used.
> > >
> > > Please update to reflect draft-ietf-uta-require-tls13.
> > [stf] I saw that there was already discussion on this issue. I created 
> > a corresponding issue as 
> > https://github.com/anima-wg/anima-brski-prm/issues/139
> > We will discuss the use of TLS 1.2 and if there is a desire to also 
> > allow or existing pledges, that may have no option to only allow TLS 
> > 1.3, we would add a note as suggested and explain the necessity.
> > 
> 
> [Med] ACK. I'm neutral on the outcome here, but I'd like us to back the design 
> and include some reasoning if we don't follow the UTA reco. Thanks.
> ==============
> 
> Cheers,
> Med
> 

-- 
---
t...@cs.fau.de
