On 04.12.24 08:04, Valery Smyslov wrote:
> note, that UTA WG has issued a WGLC for draft-ietf-uta-require-tls13-02 (New Protocols Must Require TLS 1.3) [1].
>
> [1] https://datatracker.ietf.org/doc/draft-ietf-uta-require-tls13/

Thanks for the pointer to this. It looks like a more detailed version of the tls12-frozen draft. Is there a good reason not to merge the two documents? Is it due to different WGs? or different intended status? or something else?

On 04.12.24 10:36, John Mattsson wrote:
> as-is, TLS 1.3 does not provide excellent security for long-term connections.

Do we have an I-D which defines /how long/ do we consider as long-term connections? or an I-D which gives recommendations or best practices for /how long/ do we consider TLS 1.3 to provide excellent security?

---

Considering the following two statements in I-D, I have two questions:

> For TLS it is important to note that the focus of these efforts is TLS 1.3 or later. Put bluntly, post-quantum cryptography for TLS 1.2 WILL NOT be supported.

To me the two sentences are contradicting. Which one of the following is intended?

1. (My understanding from 1st sentence) Some PQC support for TLS 1.2 will still continue but it will not be the focus.
2. (My understanding from 2nd sentence) We will exclusively work on PQC for TLS 1.3 or later.

What does the capitalization of WILL NOT mean? I did not find any such capitalization in RFC 2119 and RFC 8174. Please add the relevant RFC in section 2 or define it.

> This document specifies that outside of urgent security fixes, no new features will be approved for TLS 1.2.

If the intention of the draft was #2 above, cross-reading with this sentence, are we implying that PQC is not an urgent security issue?

_______________________________________________ TLS mailing list -- tls@ietf.org To unsubscribe send an email to tls-le...@ietf.org