Re: [Last-Call] [OPSAWG] Last Call: <draft-ietf-opsawg-tlstm-update-11.txt> (Updates to the TLS Transport Model for SNMP) to Proposed Standard

After reviewing draft-ietf-opsawg-tlstm-update, I have the following
comment for IETF Last Call.

Section 2.2 says that (D)TLS 1.3 always provides authentication and
privacy, but that is not true with the additional cipher suites
defined in RFC 9150.

I suggest rewording the last paragraph of Section 2.2 as follows:

"Cipher suites for (D)TLS 1.3 defined in [RFC8446] provide both
authentication and privacy. Cipher suites defined in [RFC9150] for
(D)TLS 1.3 provide only authentication, without any privacy
protection. Implementations MAY choose to force (D)TLS 1.3 to only
allow cipher suites that provide both authentication and privacy."

The "MAY" is from Section 3.1.2 of RFC 6353, but if the OPSAWG thinks
this could be strengthened to a "SHOULD" in this update, I would have
no problem with that.

Regards,
Jonathan

--
Jonathan Hammell,
Canadian Centre for Cyber Security,
https://cyber.gc.ca

-- 
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call
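
The restriction proposed in the message above (allow only (D)TLS 1.3 cipher suites that provide both authentication and privacy), as an added example that is not part of the original message or of the draft. The function names, the policy flag and the sample byte strings are constructed for illustration; the code points are those registered by RFC 8446 and RFC 9150, and picking the first acceptable suite in the client's order is an assumption.

```python
import struct

# TLS 1.3 AEAD suites from RFC 8446: authentication and privacy.
RFC8446_AEAD = {
    0x1301: "TLS_AES_128_GCM_SHA256",
    0x1302: "TLS_AES_256_GCM_SHA384",
    0x1303: "TLS_CHACHA20_POLY1305_SHA256",
    0x1304: "TLS_AES_128_CCM_SHA256",
    0x1305: "TLS_AES_128_CCM_8_SHA256",
}
# Integrity-only suites from RFC 9150: authentication, no encryption.
RFC9150_INTEGRITY_ONLY = {
    0xC0B4: "TLS_SHA256_SHA256",
    0xC0B5: "TLS_SHA384_SHA384",
}

def parse_cipher_suites(vector: bytes) -> list[int]:
    """Decode a ClientHello cipher_suites vector: uint16 length, then uint16 code points."""
    if len(vector) < 2:
        raise ValueError("truncated cipher_suites vector")
    (length,) = struct.unpack_from("!H", vector, 0)
    body = vector[2:]
    if length == 0 or length % 2 or length != len(body):
        raise ValueError("malformed cipher_suites vector")
    return [code for (code,) in struct.iter_unpack("!H", body)]

def select_suite(vector: bytes, require_privacy: bool = True):
    """Return (selected suite name or None, suite names refused by policy)."""
    selected, refused = None, []
    for code in parse_cipher_suites(vector):
        if code in RFC8446_AEAD:
            selected = selected or RFC8446_AEAD[code]
        elif code in RFC9150_INTEGRITY_ONLY:
            name = RFC9150_INTEGRITY_ONLY[code]
            if require_privacy:
                refused.append(name)  # worth logging: peer offered a suite without encryption
            else:
                selected = selected or name
        # Any other code point (unknown, GREASE) is skipped.
    return selected, refused

# Constructed sample vectors, not captured traffic.
MIXED = bytes.fromhex("0006" "c0b4" "1302" "c0b5")
INTEGRITY_ONLY = bytes.fromhex("0004" "c0b4" "c0b5")
```

A result of `None` for the selected suite corresponds to the case where the handshake must fail because the peer offered nothing that encrypts.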
