Gorry Fairhurst has entered the following ballot position for draft-ietf-tls-deprecate-obsolete-kex-06: Discuss
When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)

Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ for more information about how to handle DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-tls-deprecate-obsolete-kex/

----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

Thank you for making this document and the detailed research that likely underpins this proposed update to many RFCs.

I am very supportive of this work, however, as this proceeds I have some things that I’d like to see clarified. I would have just passed comments to the editors, but I am not entirely sure how a reader of this document is to now interpret the set of published RFCs. I think readers (who may have even less experience than me) ought to clearly understand what has changed.

## DISCUSS 1:

I am unsure what is actually required to be updated in the list of RFCs in para 1. I see sentences like:

“This includes all cipher suites listed in the table in Appendix A.”

My question is what does “includes” mean here? Could this be as simple as a statement something like:

“This updates the set of RFCs listed in this document in XXX to deprecate the use of non-ephemeral FFDH cipher suites in (D)TLS 1.2 connections.”

Or is there more needed?

## DISCUSS 2:

If there is a change to clarify the update, would it be possible to make a similar change for all other statements in paras 2, 3, and sections 3 and 4? (See Med’s DISCUSS of how this can be reflected in some of the specific IANA registries.)

## DISCUSS 3:

I see this updates a BCP, RFC9325, but I am unsure in what way this is formally updated.
I see the text:

“[RFC9325] contains the latest IETF recommendations for users of the (D)TLS protocol (and specifically, (D)TLS 1.2) and this document supersedes it in several points.”

- I was expecting text in a section of the document that specifically stated what sections/text was to be changed in that document, but I could not work that out for certain, and hence this list of points is not clear. Can these changes to RFC9325 be made explicit in this specific I-D?

I have raised these as DISCUSS items, because I could not clearly understand the intention of the requested changes to the published RFCs. I expect this to be very easy to resolve some way, but would like to understand how. I plan to clear my discuss with support for this document.

Best,

Gorry.

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

I see the lists of RFCs to be updated have been placed in appendices. I would have expected these to appear in subsections within the body of the published RFC - reasoning that this is not supplementary material, but is the core contribution. However, if that style is acceptable for this WG, then that would of course be fine for me also.

My comment is that I would strongly encourage that each appendix add a sentence or a change to the title that explains that it is the normative list of RFCs to be changed.
