[Uta] Re: [Iotops] Re: [Anima] Re: Re: Concern about draft-ietf-uta-require-tls13-10 with IoT protocols

Mon, 14 Apr 2025 09:15:30 -0700 

Dear thread contributors,
please try to keep the number of recipients in replies to this thread to a maximum of 10. That would really help with the timeliness of the conversation. This request is not related to cross-posting between lists, but list policies in general. 


Viele Grüße,

Henk


p.s. I am aware that I am violating my own request, rn... in order not 
to mess mess with the current TO and CC, arbitrarily. That's your job now.


On 10.04.25 18:35, Eric Rescorla wrote:




On Thu, Apr 10, 2025 at 6:59 AM Michael Richardson 
<mcr+i...@sandelman.ca <mailto:mcr%2bi...@sandelman.ca>> wrote:



    Peter Gutmann <pgut...@cs.auckland.ac.nz
    <mailto:pgut...@cs.auckland.ac.nz>> wrote:
         >> Or, you can write new application level code, but the base
    embedded system,
         >> which contains TLS as part of the SDK, can not be upgraded
    without a new
         >> review.

         > That's what I usually run into.  A tweak in the
    application-level code isn't a
         > big deal, but adding an entire second protocol stack for TLS
    1.3 is.  There
         > are also situations where you've barely got room for one TLS
    stack, so being
         > required to have both TLS 1.2 and 1.3 is a non-starter.

    So, on the non-constrained system, we need to tell them to do 1.3
    (and newer)
    so that there is an update path, but also to do 1.2.

    Further, the more documents which people wind up not complying to,
    then it
    becomes increasing to get them to pay any attention to any of the
    criteria.

    And DTLS 1.3 is not ubiquitous.


This document already distinguishes DTLS 1.3 from TLS 1.3 for this
precise reason.

-Ekr

    This started with an AD telling us that we need to reflect
    uta-require-tls1.3 in our
    document, but really, we do as good a job as we can.



    --
    Michael Richardson <mcr+i...@sandelman.ca
    <mailto:mcr%2bi...@sandelman.ca>>   . o O ( IPv6 IøT consulting )
                Sandelman Software Works Inc, Ottawa and Worldwide




    _______________________________________________
    Anima mailing list -- an...@ietf.org <mailto:an...@ietf.org>
    To unsubscribe send an email to anima-le...@ietf.org
    <mailto:anima-le...@ietf.org>




_______________________________________________
Uta mailing list -- uta@ietf.org
To unsubscribe send an email to uta-le...@ietf.org






















					Reply via email to