Hi Jared, 

I suspect there is a disconnect here.

The guidance is not about random protocols, please check 
https://richsalz.github.io/draft-use-tls13/draft-ietf-uta-require-tls13.html 
which I think has the correct words.

Cheers,
Med

> -----Original Message-----
> From: Jared Mauch <ja...@puck.nether.net>
> Sent: Thursday, April 10, 2025 20:41
> To: Toerless Eckert <t...@cs.fau.de>
> Cc: draft-ietf-uta-require-tls13....@ietf.org; last-
> c...@ietf.org; uta@ietf.org; i...@ietf.org; iot...@ietf.org;
> an...@ietf.org; draft-ietf-anima-brski-...@ietf.org
> Subject: [Iotops] Re: [Last-Call] Concern about draft-ietf-uta-
> require-tls13-10 with IoT protocols
> 
> 
> On Tue, Apr 08, 2025 at 06:05:22PM +0200, Toerless Eckert wrote:
> > Dear IESG, *:
> >
> > We received IESG review for draft-ietf-anima-brski-prm that was
> asking
> > to make the use of TLS 1.3 mandatory based on the expectation
> that
> > draft-ietf-uta-require-tls13 would become RFC - unless we
> provide sufficient justification in our (prm) draft.
> >
> > I would like to point out, that it is the current version of
> > draft-ietf-uta-require-tls13 whose core applicability reasoning
> is misleading:
> >
> > "since TLS 1.3 use is widespread, ...
> >    new protocols that use TLS must require and assume its
> existence
> >
> > This is not correct. Correct would be:
> >
> > "since TLS 1.3 use is widespread in browser, ...
> >    new protocols that use browsers and TLS must require its use
> and assume its existence,
> >    protocols not using browsers must recommend its use and
> assume its
> > existence
> >
> 
>       The internet is not all HTTP transport, I'm not sure how to
> clearly get this message through the IETF.
> 
>       It seems this is all that the IETF seems to think exists,
> hence DoH and other things without updating the host RFC to
> mandate these other behaviors.
> 
>       Last I checked the packets got to/from the servers via
> routing protocols that did not use TLS, nor does the routing
> protocol require the privacy that TLS provides, as I raised in the
> security area meetings previously.
> 
>       I get that when people look at things and they only have a
> hammer they try to use it, but until we deprecate all protocol and
> port numbers trying to legislate through the standards process
> requirements that we don't need continues to demonstrate the
> disconnect that exists here.
> 
>       And ask yourself, why would someone with a differing opinion
> bother to engage here?  There's no incentive, we are told we don't
> know what we are talking about and basically ignored.
> 
>       At a recent meeting for another thing, the concept that we
> use TCP sessions that may have a multi-year lifetime seemed to
> shock some people.  Yes it's a real thing, because not everything
> is a json blob.
> 
>       Not sure how much more clear this message can be.  Yes HTTP
> is very popular, but it's not the whole thing.
> 
>       - Jared
> 
> --
> Iotops mailing list -- iot...@ietf.org
> To unsubscribe send an email to iotops-le...@ietf.org