TL;DR. All good ideas, changes incorporated. I am about to submit a -11 that
addresses feedback from: Deb's, Med (again; my git mistake), Mike Bishop,
Eric Vynke's, and Scott Rose.

Section 6, para 3, sentence 1:  All Finite Field DH?  Or all except those using
ephemeral FFDH specified in RFC7919?  If FFDHE with one of RFC7919 groups are
used, what is the vulnerability?  I think you could add the word 'most' in
front of 'finite field DH'.  And you could reference RFC 7919, but I won't
require it.  [I will note that TLS1.3 allows FFDHE]

I will add “most”, thanks.

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------


Thank you to Hillarie Orman for their secdir review.

Title:  While I'm not generally a fan of suggesting title changes, it may be
warranted here.  Perhaps, 'New Protocols Utilizing TLS Must Require TLS 1.3'.

Sure.  I prefer “Use” if that’s okay.

Abstract:  I think you are burying the lead here.  Perhaps:  'TLS 1.3 use is
widespread, it has had comprehensive security proofs, and it improves both
security and privacy over TLS 1.2.  Therefore, new protocols that use TLS must
require TLS 1.3.  As DTLS 1.3 is not widely available or deployed, this
prescription does not pertain to DTLS (in any DTLS version); it pertains to TLS
only.

This document updates RFC9325, discusses post-quantum cryptography and the
security and privacy improvements over TLS 1.2 as a rationale for that update.'

That’s good.  s/RFC9325,/RFC9325 and/

Introduction:  For similar reasons (burying the lead), I would put the third
para first, and then swap the first and second paragraph (some small changes
will be needed - remove 'also').

Nice!  Done.

Section 6, para 2:  'extension points'?  maybe just 'extensions'?  [or add
'points' to all the places 'extension' is used in the para.]

Yeah, removed “points.”