Mostly just nits/style comments assuming that this moves as fast as
ID.tls-oldversions-deprecate.
0) Add updates header “Updates: RFC8314”
1) Title
TLS is now in the RFC editor’s abbreviations list so the title can now be:
Use of TLS for Email Submission and Access
1) Introduction
r/recommended for/recommended version for
r/draft-ietf-tls-oldversions-deprecate/[ID.tls-oldversions-deprecate]
and add normative reference to:
[ID.tls-oldversions-deprecate] Moriarty, Farrell
2) If I were doing this I would do an OLD/NEW style as below. For the shorter
changes, you don’t need it but for the s5 and s5.1 changes I was like what on
earth are they changing. E.g.:
Table of Contents
OLD:
4.1. Deprecation of Services Using Cleartext and TLS Versions Less
Than 1.1
NEW:
4.1. Deprecation of Services Using Cleartext and TLS
Versions Less Than 1.2
Section 4
OLD:
As soon as practicable, MSPs currently supporting Secure Sockets Layer (SSL)
2.x, SSL 3.0, or TLS 1.0 SHOULD transition their users to TLS 1.1 or
later and discontinue support for those earlier versions of SSL and
TLS.
NEW:
As soon as practicable, MSPs currently supporting Secure
Sockets Layer (SSL) 2.x, SSL 3.0, or TLS 1.0 SHOULD transition their
users to TLS 1.2 or later and discontinue support for those earlier
versions of SSL and TLS.
etc.
3) s5 changes
I’d just change the sentences:
OLD:
If, however, an MUA
provides such an indication, it MUST NOT indicate confidentiality for
any connection that does not at least use TLS 1.1 with certificate
verification and also meet the minimum confidentiality requirements
associated with that account.
NEW:
If, however, an MUA
provides such an indication, it MUST NOT indicate confidentiality for
any connection that does not at least use TLS 1.2 with certificate
verification and also meet the minimum confidentiality requirements
associated with that account.
4) Terminology Section
Since you do have 2119 language and you want to avoid the ID-nits you probably
need a “Terminology Section” with the following text:
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in
BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here.
5) A little love for tls1.3
So like we published 1.3 so it can’t hurt to add the reference:
r/MUAs MUST implement TLS 1.2 [RFC5246] or later/MUAs MUST
implement TLS 1.2 [RFC5246] or later, e.g., TLS 1.3 [RFC8446]
6) References
Since you’re downgrading 1.1, should we move it to an informative reference?
Again to avoid ID-nits I guess add 1.1 as an informative and TLS 1.2 and 1.3 as
normative?
7) Sec Cons
I’d probably add something like see [ID.tls-oldversions-deprecate] for why 1.1
is being deprecated.
spt
> On Oct 2, 2018, at 06:24, Loganaden Velvindron <[email protected]> wrote:
>
> On Fri, Sep 21, 2018 at 3:12 PM Loganaden Velvindron
> <[email protected]> wrote:
>>
>> Dear UTA folks,
>>
>> Please find the link here
>> (https://www.ietf.org/id/draft-lvelvindron-tls-for-email-00.txt) for
>> the draft for Switching the minimum requirement for TLS in mail from
>> TLS 1.1 to TLS 1.2. This is inline with what is happening here:
>> https://github.com/tlswg/oldversions-deprecate/blob/master/draft-ietf-tls-oldversions-deprecate.txt
>> where TLS 1.0 and TLS 1.1 are deprecated.
>>
>>
>> Feedback welcome.
>>
>
> ping.
>
>> Kind regards,
>> //Logan
>> C-x-C-c
>
> _______________________________________________
> Uta mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/uta
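The two normative changes under discussion (s4: MSPs stop serving anything below TLS 1.2; s5: an MUA MUST NOT indicate confidentiality unless the connection uses at least TLS 1.2 with certificate verification) can be checked end to end in code. The following Go program is an added example and is not from the draft, the thread, or any UTA document: it stands up a TLS server whose MinVersion is 1.2, then runs four client handshakes over an in-memory pipe (a client capped at TLS 1.1, a TLS 1.2 client, a current client that negotiates TLS 1.3, and a client that skipped certificate verification) and applies the s5 rule to each result. The host name "mail.example.test", the self-signed certificate, and the function names are assumptions made for the example; nothing here touches the network.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// Hypothetical host name for the constructed certificate; not from the draft.
const serverName = "mail.example.test"

// ConnectionReport is the minimum an MUA's status indicator needs to know
// about a submission/access connection attempt.
type ConnectionReport struct {
	Version  uint16 // negotiated protocol version, 0 if the handshake failed
	Verified bool   // server certificate chain validated against trusted roots
	Err      error  // handshake error, if any
}

// MayIndicateConfidentiality applies the proposed s5 rule: the MUA MUST NOT
// indicate confidentiality unless the connection uses at least TLS 1.2 with
// certificate verification. (The per-account minimum confidentiality
// requirements the draft also mentions are outside this example.)
func MayIndicateConfidentiality(r ConnectionReport) bool {
	return r.Err == nil && r.Version >= tls.VersionTLS12 && r.Verified
}

// ServerConfig is the MSP side of the proposed s4 text: accept TLS 1.2 and
// later only, so SSL 3.0, TLS 1.0 and TLS 1.1 clients fail at the handshake
// instead of being silently served.
func ServerConfig(cert tls.Certificate) *tls.Config {
	return &tls.Config{
		Certificates:           []tls.Certificate{cert},
		MinVersion:             tls.VersionTLS12,
		SessionTicketsDisabled: true, // no post-handshake writes on the in-memory pipe below
	}
}

// selfSignedCert builds a throwaway server certificate plus a root pool that
// trusts it, so the example runs offline. A real MSP deploys a CA-issued cert.
func selfSignedCert() (tls.Certificate, *x509.CertPool, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: serverName},
		DNSNames:              []string{serverName},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, pool, nil
}

// Connect runs one client/server handshake over an in-memory pipe and reports
// what the client learned. Verified comes from VerifiedChains, which Go leaves
// empty when the client set InsecureSkipVerify.
func Connect(serverCfg, clientCfg *tls.Config) ConnectionReport {
	c1, c2 := net.Pipe()
	defer c1.Close()
	defer c2.Close()
	srv := tls.Server(c1, serverCfg)
	cli := tls.Client(c2, clientCfg)

	srvErr := make(chan error, 1)
	go func() { srvErr <- srv.Handshake() }()
	err := cli.Handshake()
	<-srvErr
	if err != nil {
		return ConnectionReport{Err: err}
	}
	cs := cli.ConnectionState()
	return ConnectionReport{Version: cs.Version, Verified: len(cs.VerifiedChains) > 0}
}

// RunScenarios exercises the policy with the client behaviours the thread is
// about: a legacy client capped at TLS 1.1, a TLS 1.2 client, a current client
// that negotiates TLS 1.3, and a client that skipped certificate verification.
func RunScenarios() (map[string]ConnectionReport, error) {
	cert, pool, err := selfSignedCert()
	if err != nil {
		return nil, err
	}
	server := ServerConfig(cert)
	clients := map[string]*tls.Config{
		"tls11-only": {ServerName: serverName, RootCAs: pool, MinVersion: tls.VersionTLS10, MaxVersion: tls.VersionTLS11},
		"tls12":      {ServerName: serverName, RootCAs: pool, MinVersion: tls.VersionTLS12, MaxVersion: tls.VersionTLS12},
		"tls13":      {ServerName: serverName, RootCAs: pool, MinVersion: tls.VersionTLS12},
		"unverified": {ServerName: serverName, InsecureSkipVerify: true},
	}
	out := make(map[string]ConnectionReport, len(clients))
	for name, cfg := range clients {
		out[name] = Connect(server, cfg)
	}
	return out, nil
}

func main() {
	reports, err := RunScenarios()
	if err != nil {
		panic(err)
	}
	for _, name := range []string{"tls11-only", "tls12", "tls13", "unverified"} {
		r := reports[name]
		fmt.Printf("%-11s version=%#04x verified=%-5v confidential=%-5v err=%v\n",
			name, r.Version, r.Verified, MayIndicateConfidentiality(r), r.Err)
	}
}
```

The "unverified" case is the one worth noticing: the handshake succeeds and even lands on TLS 1.3, yet the s5 text still forbids a confidentiality indicator because no certificate verification happened. Version checks alone are not the rule; version and verification together are.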