I personally think this point is important enough to be made explicitly instead of implicitly.
If we want to communicate loudly and clearly that post-quantum cryptography is NEVER coming to TLS 1.2, we need to explicitly say that. Otherwise people will say “I know you said TLS 1.2 was frozen, but post-quantum cryptography isn’t a feature, it’s a critical security vulnerability that needs to be patched regardless of any freezes.” The answer will be and needs to be: “No, we told you clearly and explicitly that post-quantum cryptography would require moving to TLS 1.3 or later”. -Tim From: TLS <[email protected]> On Behalf Of Hannes Tschofenig Sent: Monday, December 11, 2023 12:06 PM To: Salz, Rich <[email protected]>; Hannes Tschofenig <[email protected]>; Bas Westerbaan <[email protected]>; Deirdre Connolly <[email protected]> Cc: [email protected] Subject: Re: [TLS] Adoption call for 'TLS 1.2 Feature Freeze' Hi Rich, that is implied by a "feature freeze". No reason to highlight PQC (even though it is a hype topic right now). Ciao Hannes Am 11.12.2023 um 17:18 schrieb Salz, Rich: 1. I consider Section 3 "Implications for post-quantum cryptography" misplaced. I suggest to delete the section 2. The motivation for the draft is unrelated to developments with PQC. The point is to explain to people that we are going to need PQ crypto, and it *will not be a 1.2 enhancement* _______________________________________________ TLS mailing list [email protected] <mailto:[email protected]> https://www.ietf.org/mailman/listinfo/tls
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
