After reviewing draft-ietf-opsawg-tlstm-update, I have the following comment for IETF Last Call.

Section 2.2 says that (D)TLS 1.3 always provides authentication and privacy, but that is not true with the additional cipher suites defined in RFC 9150. I suggest rewording the last paragraph of Section 2.2 as follows:

"Cipher suites for (D)TLS 1.3 defined in [RFC8446] provide both authentication and privacy. Cipher suites defined in [RFC9150] for (D)TLS 1.3 provide only authentication, without any privacy protection. Implementations MAY choose to force (D)TLS 1.3 to only allow cipher suites that provide both authentication and privacy."

The "MAY" is from Section 3.1.2 of RFC 6353, but if the OPSAWG thinks this could be strengthened to a "SHOULD" in this update, I would have no problem with that.

Regards,
Jonathan

--
Jonathan Hammell, Canadian Centre for Cyber Security, https://cyber.gc.ca
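An added example, not part of the original message or of the draft: one way an implementation could enforce the policy in the proposed text, by filtering an offered TLS 1.3 cipher_suites vector down to suites that provide both authentication and privacy. The code points are those registered by RFC 8446 and RFC 9150; the function names, the fail-closed handling of unrecognised values and the sample vector are assumptions made for illustration.

```python
import struct

# TLS 1.3 suites from RFC 8446: AEAD, so authentication and privacy.
AEAD_SUITES = {
    0x1301: "TLS_AES_128_GCM_SHA256",
    0x1302: "TLS_AES_256_GCM_SHA384",
    0x1303: "TLS_CHACHA20_POLY1305_SHA256",
    0x1304: "TLS_AES_128_CCM_SHA256",
    0x1305: "TLS_AES_128_CCM_8_SHA256",
}
# Suites from RFC 9150: HMAC integrity only, records are not encrypted.
INTEGRITY_ONLY_SUITES = {
    0xC0B4: "TLS_SHA256_SHA256",
    0xC0B5: "TLS_SHA384_SHA384",
}

# Constructed sample: a cipher_suites vector offering an RFC 9150 suite,
# two RFC 8446 suites and one unrecognised (GREASE-style) value.
SAMPLE_OFFER = bytes.fromhex("0008" "c0b4" "1301" "0a0a" "1302")


def parse_cipher_suites(vector):
    """Decode cipher_suites: uint16 byte length, then uint16 code points."""
    if len(vector) < 4:
        raise ValueError("cipher_suites vector is truncated")
    (length,) = struct.unpack_from("!H", vector, 0)
    body = vector[2:]
    if length != len(body) or length % 2:
        raise ValueError("cipher_suites length field does not match body")
    return [code for (code,) in struct.iter_unpack("!H", body)]


def filter_offer(vector, require_privacy=True):
    """Split an offer into (allowed, rejected) suite names, in offer order.

    Unrecognised code points are always rejected (fail closed, an assumption).
    """
    allowed, rejected = [], []
    for code in parse_cipher_suites(vector):
        if code in AEAD_SUITES:
            allowed.append(AEAD_SUITES[code])
        elif code in INTEGRITY_ONLY_SUITES and not require_privacy:
            allowed.append(INTEGRITY_ONLY_SUITES[code])
        else:
            rejected.append(INTEGRITY_ONLY_SUITES.get(code, "0x%04X" % code))
    return allowed, rejected


def select_suite(vector, require_privacy=True):
    """Pick the first acceptable suite, or None to signal handshake failure."""
    allowed, _ = filter_offer(vector, require_privacy)
    return allowed[0] if allowed else None
```

With `require_privacy=True` a peer that offers only RFC 9150 suites gets no match, which a (D)TLS stack would surface as a handshake failure rather than an unencrypted session.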