Thanks for this quick work. I think the 'most' got lost in all the edits. Otherwise, I think it looks great.
Deb

On Mon, Apr 14, 2025 at 11:05 AM Salz, Rich <rs...@akamai.com> wrote:

> TL;DR. All good ideas, changes incorporated. I am about to submit a -11 that addresses feedback from:
>
> Deb's, Med (again; my git mistake), Mike Bishop, Eric Vynke's, and Scott Rose.
>
> Section 6, para 3, sentence 1: All Finite Field DH? Or all except those using ephemeral FFDH specified in RFC7919? If FFDHE with one of RFC7919 groups are used, what is the vulnerability? I think you could add the word 'most' in front of 'finite field DH'. And you could reference RFC 7919, but I won't require it. [I will note that TLS1.3 allows FFDHE]
>
> I will add “most”, thanks.
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> Thank you to Hillarie Orman for their secdir review.
>
> Title: While I'm not generally a fan of suggesting title changes, it may be warranted here. Perhaps, 'New Protocols Utilizing TLS Must Require TLS 1.3'.
>
> Sure. I prefer “Use” if that’s okay.
>
> Abstract: I think you are burying the lead here. Perhaps: 'TLS 1.3 use is widespread, it has had comprehensive security proofs, and it improves both security and privacy over TLS 1.2. Therefore, new protocols that use TLS must require TLS 1.3. As DTLS 1.3 is not widely available or deployed, this prescription does not pertain to DTLS (in any DTLS version); it pertains to TLS only.
>
> This document updates RFC9325, discusses post-quantum cryptography and the security and privacy improvements over TLS 1.2 as a rationale for that update.'
>
> That’s good. s/RFC9325,/RFC9325 and/
>
> Introduction: For similar reasons (burying the lead), I would put the third para first, and then swap the first and second paragraph (some small changes will be needed - remove 'also').
>
> Nice! Done.
>
> Section 6, para 2: 'extension points'? maybe just 'extensions'? [or add 'points' to all the places 'extension' is used in the para.
>
> Yeah, removed “points.”
_______________________________________________
Uta mailing list -- uta@ietf.org
To unsubscribe send an email to uta-le...@ietf.org