I defer to the experts. I assumed that the document is safe to implement ignoring the notes (both notes could have been removed).
Since they were included and I read the related comment on confidentiality, I was confused enough to risk embarrassment. If I were an implementer of this, I might be slightly annoyed reading context for a feature that I was just forbidden from using. If you think the extra context will be appreciated by implementers, I suggest leaving it as is.

OS

On Thu, Jan 4, 2024 at 1:10 PM Sean Turner <[email protected]> wrote:

> More inline...
>
> > On Jan 4, 2024, at 01:02, Murray Kucherawy via Datatracker <[email protected]> wrote:
> >
> > Murray Kucherawy has entered the following ballot position for
> > draft-ietf-pce-pceps-tls13-03: No Objection
> >
> > When responding, please keep the subject line intact and reply to all
> > email addresses included in the To and CC lines. (Feel free to cut this
> > introductory paragraph, however.)
> >
> > Please refer to
> > https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/
> > for more information about how to handle DISCUSS and COMMENT positions.
> >
> > The document, along with other ballot positions, can be found here:
> > https://datatracker.ietf.org/doc/draft-ietf-pce-pceps-tls13/
> >
> > ----------------------------------------------------------------------
> > COMMENT:
> > ----------------------------------------------------------------------
> >
> > Further to Eric's comment, I'm completely confused by question #4 of the
> > shepherd writeup. While the document claims there are no implementations
> > known, the shepherd writeup says there's at least one (and it was easy), and
> > makes another "Yes" remark that I don't understand.
>
> Addressed in an earlier email.
>
> > Forwarding a comment from Orie Steele, incoming ART Area Director:
> >
> > Noting the comment on 0-RTT / early data regarding secrecy, and the comment on
> > https://datatracker.ietf.org/doc/html/rfc8253#section-3.4
> >
> > * Negotiation of a ciphersuite providing for confidentiality is RECOMMENDED.
> >
> > I'm not an expert on PCEPS, but I wonder why the need for the note at all given
> > PCEPs only recommends confidentiality, and the requirement above states early
> > data is forbidden.
>
> Ah okay I see you saying the bit about not forward secret isn't really
> needed here if confidentiality is just recommended. I think in practical
> terms though confidentiality is a MUST because all the ciphersuites in
> s3.4 of RFC 8253 use AES_GCM.
>
> In terms of this I-D though, we could do:
>
> OLD:
>
> In particular, early data is not
> forward secret, and there is no protection against the replay of
> early data between connections.
>
> NEW:
>
> In particular, no replay protection is provided for early data.
>
> However, the sentence as written is true. So .... should I take out the
> reference to FS or leave it in?
>
> spt
>

--
ORIE STEELE
Chief Technology Officer
www.transmute.industries <https://transmute.industries>
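As an added illustration of the two properties the OLD sentence describes (this is not text or code from the thread, the draft, or any TLS library), the toy Python model below follows the shape of the TLS 1.3 resumption key schedule: the early-data traffic key is derived from the resumption PSK and the ClientHello alone, while the 1-RTT keys also mix in an ephemeral (EC)DHE secret. The HKDF label framing, the small-prime Diffie-Hellman group, the HMAC-based stand-in for AES-GCM, the `Server` class with its `max_early_data` setting, and the sample PSK and ClientHello bytes are all constructed for the illustration. It shows why a server that accepts 0-RTT needs single-use anti-replay state, why later compromise of the PSK exposes early data but not 1-RTT data, and why setting the early-data limit to zero (the draft's rule) sidesteps both issues.

```python
"""Toy model of TLS 1.3 0-RTT key derivation (constructed illustration, not a
real TLS implementation): early-data keys depend only on the PSK, so a captured
early-data record replays unless the server keeps anti-replay state, and a
later PSK leak recovers early data but not (EC)DHE-protected 1-RTT data."""
import hashlib
import hmac
import secrets

HASH = hashlib.sha256
ZERO = b"\x00" * 32

def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    return hmac.new(salt, ikm, HASH).digest()

def hkdf_expand_label(secret: bytes, label: bytes, context: bytes) -> bytes:
    # Single-block HKDF-Expand with a simplified label framing (constructed).
    return hmac.new(secret, b"tls13 " + label + context + b"\x01", HASH).digest()

# Toy Diffie-Hellman group (constructed; far too small for real use).
P = 2 ** 127 - 1
G = 5

def dh_keypair():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def dh_shared(priv: int, peer_pub: int) -> bytes:
    return pow(peer_pub, priv, P).to_bytes(16, "big")

# Toy AEAD: HMAC keystream plus HMAC tag, a stand-in for AES-GCM (constructed).
def toy_seal(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    stream = hmac.new(key, b"stream" + nonce, HASH).digest()  # up to 32 bytes
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(key, b"tag" + nonce + ct, HASH).digest()[:16]
    return nonce + ct + tag

def toy_open(key: bytes, record: bytes):
    nonce, ct, tag = record[:8], record[8:-16], record[-16:]
    expected = hmac.new(key, b"tag" + nonce + ct, HASH).digest()[:16]
    if not hmac.compare_digest(tag, expected):
        return None  # authentication failure: wrong key or tampered record
    stream = hmac.new(key, b"stream" + nonce, HASH).digest()
    return bytes(c ^ s for c, s in zip(ct, stream))

def early_traffic_key(psk: bytes, client_hello: bytes) -> bytes:
    # Depends on the PSK and the ClientHello only: no ephemeral contribution.
    early_secret = hkdf_extract(ZERO, psk)
    return hkdf_expand_label(early_secret, b"c e traffic", HASH(client_hello).digest())

def handshake_traffic_key(psk: bytes, client_hello: bytes, shared: bytes) -> bytes:
    # Mixes in the (EC)DHE shared secret; this is what gives 1-RTT data forward secrecy.
    early_secret = hkdf_extract(ZERO, psk)
    derived = hkdf_expand_label(early_secret, b"derived", HASH(b"").digest())
    handshake_secret = hkdf_extract(derived, shared)
    return hkdf_expand_label(handshake_secret, b"c hs traffic", HASH(client_hello).digest())

class Server:
    """Server side of the toy resumption handshake (constructed)."""
    def __init__(self, psk: bytes, max_early_data: int, anti_replay: bool = False):
        self.psk = psk
        self.max_early_data = max_early_data  # 0 == early data forbidden, as the draft requires
        self.anti_replay = anti_replay
        self.seen = set()                      # single-use ClientHello digests

    def accept_early_data(self, client_hello: bytes, record: bytes):
        if self.max_early_data == 0:
            return None                        # 0-RTT rejected outright
        if self.anti_replay:
            digest = HASH(client_hello).digest()
            if digest in self.seen:
                return None                    # same ClientHello seen before: replay
            self.seen.add(digest)
        return toy_open(early_traffic_key(self.psk, client_hello), record)

# Constructed sample values.
PSK = hashlib.sha256(b"constructed resumption secret").digest()
CLIENT_HELLO = b"ClientHello(psk_identity, key_share, early_data)"

def replay_outcome(max_early_data: int, anti_replay: bool):
    """(first_accepted, replay_accepted) for one early-data record delivered twice."""
    server = Server(PSK, max_early_data, anti_replay)
    record = toy_seal(early_traffic_key(PSK, CLIENT_HELLO), secrets.token_bytes(8), b"PCEP Open")
    first = server.accept_early_data(CLIENT_HELLO, record) is not None
    second = server.accept_early_data(CLIENT_HELLO, record) is not None
    return first, second

def psk_compromise_outcome():
    """(early_data_recovered, one_rtt_data_recovered) when the PSK and the public
    transcript leak after the connection but the ephemeral DH private keys do not."""
    c_priv, c_pub = dh_keypair()
    s_priv, s_pub = dh_keypair()
    shared = dh_shared(c_priv, s_pub)
    assert shared == dh_shared(s_priv, c_pub)
    early_rec = toy_seal(early_traffic_key(PSK, CLIENT_HELLO), secrets.token_bytes(8), b"early")
    hs_rec = toy_seal(handshake_traffic_key(PSK, CLIENT_HELLO, shared), secrets.token_bytes(8), b"later")
    del c_priv, s_priv, shared  # ephemeral values do not outlive the connection
    # With the PSK and transcript alone the early-data key is fully reconstructible.
    early_recovered = toy_open(early_traffic_key(PSK, CLIENT_HELLO), early_rec) == b"early"
    # Without a DH private value only public shares are available; a key built from
    # them is not the real handshake key, so the 1-RTT record does not authenticate.
    public_only = c_pub.to_bytes(16, "big") + s_pub.to_bytes(16, "big")
    later_recovered = toy_open(handshake_traffic_key(PSK, CLIENT_HELLO, public_only), hs_rec) == b"later"
    return early_recovered, later_recovered
```

`replay_outcome(0, False)` models the draft's position (early data forbidden, so nothing is ever accepted); `replay_outcome(1024, False)` shows a server that accepts the same record twice, and `replay_outcome(1024, True)` the single-use state a server would need if it allowed 0-RTT. `psk_compromise_outcome()` returns `(True, False)`: the missing forward secrecy applies to early data only, which is why the draft's sentence is true even though confidentiality is only RECOMMENDED in RFC 8253.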
_______________________________________________ Pce mailing list [email protected] https://www.ietf.org/mailman/listinfo/pce
