More inline...

> On Jan 4, 2024, at 01:02, Murray Kucherawy via Datatracker <[email protected]> wrote:
>
> Murray Kucherawy has entered the following ballot position for
> draft-ietf-pce-pceps-tls13-03: No Objection
>
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
>
>
> Please refer to
> https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/
> for more information about how to handle DISCUSS and COMMENT positions.
>
>
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-pce-pceps-tls13/
>
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> Further to Eric's comment, I'm completely confused by question #4 of the
> shepherd writeup. While the document claims there are no implementations
> known, the shepherd writeup says there's at least one (and it was easy), and
> makes another "Yes" remark that I don't understand.
Addressed in an earlier email.

> Forwarding a comment from Orie Steele, incoming ART Area Director:
>
> Noting the comment on 0-RTT / early data regarding secrecy, and the comment on
> https://datatracker.ietf.org/doc/html/rfc8253#section-3.4
>
> * Negotiation of a ciphersuite providing for confidentiality is RECOMMENDED.
>
> I'm not an expert on PCEPS, but I wonder why the need for the note at all given
> PCEPs only recommends confidentiality, and the requirement above states early
> data is forbidden.

Ah okay, I see you saying the bit about not forward secret isn't really needed here if confidentiality is just recommended. I think in practical terms though confidentiality is a MUST because all the ciphersuites in s3.4 of RFC 8253 use AES_GCM. In terms of this I-D though, we could do:

OLD:

In particular, early data is not forward secret, and there is no protection against the replay of early data between connections.

NEW:

In particular, no replay protection is provided for early data.

However, the sentence as written is true. So .... should I take out the reference to FS or leave it in?

spt

_______________________________________________
Pce mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/pce
