Dear UTA WG, authors,

A humble shepherd's review of this version of the document. (The write-up is coming.)

Regards,
Renzo

BEGIN ---

Introduction:
Doing the shepherd’s write-up, I am asked if the document updates any RFC and, if so, if this is mentioned in the intro. This document updates RFC 7925, and this is mentioned in the header, datatracker, and abstract. However, not a single word is mentioned in the Introduction; shall it mention it again?

“This document updates RFC 7925 with respect to the X.509 certificate profile and ciphersuite requirements”

No problem I guess, the updates are mostly/all done in Section 17 (Certificate Profile). But maybe for someone looking at the update we can put this pointer in the intro.

Section 10.
“ For RCC … ” : acronym not defined (Return Routability Check).

Section 17.
Intro, last paragraph. “omits those operational requirements. since” missing the uppercase after a full stop.

Section 19: Certificate Overhead.
Almost duplicate paragraph in different sections.

“Although the TLS specification does not explicitly prohibit a server from including trust anchors in the Certificate message - and some implementations do - trust anchors SHOULD NOT be transmitted in this way. Trust anchors are intended to be provisioned through out-of-band mechanisms, and any trust anchor included in the TLS Certificate message cannot be assumed trustworthy by the client. Including them therefore serves no functional purpose and unnecessarily consumes bandwidth.”

And a few paragraphs later:

“Although the TLS specification does not forbid a server from including trust anchors in the Certificate message, and some implementations do so, trust anchors SHOULD NOT be transmitted this way. Trust anchors are meant to be provisioned out of band, and any trust anchor sent in the Certificate message cannot be relied upon by the client. Sending it therefore only wastes bandwidth.”

The first one seems more complete. Check continuity with the last two paragraphs of the section, and erase one accordingly.

22. Post-Quantum Cryptography (PQC) Considerations
Great disclaimer.
Is it understood by the reader that the recommendations/ciphersuites used on this profile are not quantum-resistant? Maybe add a one-liner about this at the beginning of the opening section paragraph?

Section 24/23?
Privacy considerations missing (but this is optional), nothing interesting to say? (LDevIDs, subject?)

Refs:
Attention [I-D.ietf-tls-ctls] expired in April 2024 (is informative so it will be OK I guess…).

-- END

On Tue, Feb 3, 2026 at 9:01 PM <[email protected]> wrote:
>
> Internet-Draft draft-ietf-uta-tls13-iot-profile-18.txt is now available. It is
> a work item of the Using TLS in Applications (UTA) WG of the IETF.
>
>    Title:   TLS/DTLS 1.3 Profiles for the Internet of Things
>    Authors: Hannes Tschofenig
>             Thomas Fossati
>             Michael Richardson
>    Name:    draft-ietf-uta-tls13-iot-profile-18.txt
>    Pages:   33
>    Dates:   2026-02-03
>
> Abstract:
>
>    RFC 7925 offers guidance to developers on using TLS/DTLS 1.2 for
>    Internet of Things (IoT) devices with resource constraints. This
>    document is a companion to RFC 7925, defining TLS/DTLS 1.3 profiles
>    for IoT devices. Additionally, it updates RFC 7925 with respect to
>    the X.509 certificate profile and ciphersuite requirements.
>
> Discussion Venues
>
>    This note is to be removed before publishing as an RFC.
>
>    Source for this draft and an issue tracker can be found at
>    https://github.com/thomas-fossati/draft-tls13-iot.
>
> The IETF datatracker status page for this Internet-Draft is:
> https://datatracker.ietf.org/doc/draft-ietf-uta-tls13-iot-profile/
>
> There is also an HTML version available at:
> https://www.ietf.org/archive/id/draft-ietf-uta-tls13-iot-profile-18.html
>
> A diff from the previous version is available at:
> https://author-tools.ietf.org/iddiff?url2=draft-ietf-uta-tls13-iot-profile-18
>
> Internet-Drafts are also available by rsync at:
> rsync.ietf.org::internet-drafts
>
>
> _______________________________________________
> Uta mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
