After reviewing draft-ietf-opsawg-tlstm-update, I have the following
comment for IETF Last Call.
Section 2.2 says that (D)TLS 1.3 always provides authentication and
privacy, but that is not true with the additional cipher suites
defined in RFC 9150.
I suggest rewording the last paragraph of Section 2.2 as follows:
"Cipher suites for (D)TLS 1.3 defined in [RFC8446] provide both
authentication and privacy. Cipher suites defined in [RFC9150] for
(D)TLS 1.3 provide only authentication, without any privacy
protection. Implementations MAY choose to force (D)TLS 1.3 to only
allow cipher suites that provide both authentication and privacy."
The "MAY" is from Section 3.1.2 of RFC 6353, but if the OPSAWG thinks
this could be strengthened to a "SHOULD" in this update, I would have
no problem with that.
Regards,
Jonathan
--
Jonathan Hammell,
Canadian Centre for Cyber Security,
https://cyber.gc.ca

_______________________________________________
OPSAWG mailing list
OPSAWG@xxxxxxxx
https://www.ietf.org/mailman/listinfo/opsawg
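The restriction in the suggested wording (allow only suites that give both authentication and privacy) is something a (D)TLS peer or a passive monitor can verify from the handshake itself. As an added example, not part of this message or of the draft, the Python below parses the cipher_suites vector of a TLS 1.3 ClientHello (TLS record layout; the DTLS 1.3 cookie field is not handled) and reports whether an RFC 9150 integrity-only suite (TLS_SHA256_SHA256, TLS_SHA384_SHA384) is offered next to the RFC 8446 AEAD suites. The ClientHello builder, the policy function and the sample input are constructions of this example.

```python
import struct

# IANA code points: RFC 8446 Appendix B.4 (AEAD) and RFC 9150 (integrity-only).
AEAD_SUITES = {
    0x1301: "TLS_AES_128_GCM_SHA256",
    0x1302: "TLS_AES_256_GCM_SHA384",
    0x1303: "TLS_CHACHA20_POLY1305_SHA256",
    0x1304: "TLS_AES_128_CCM_SHA256",
    0x1305: "TLS_AES_128_CCM_8_SHA256",
}
INTEGRITY_ONLY_SUITES = {
    0xC0B4: "TLS_SHA256_SHA256",   # authentication + integrity, no encryption
    0xC0B5: "TLS_SHA384_SHA384",
}

def build_client_hello(suites):
    """Constructed minimal ClientHello handshake message (no extensions), for testing."""
    body = b"\x03\x03" + bytes(32) + b"\x00"           # legacy_version, random, empty session id
    body += struct.pack("!H", 2 * len(suites)) + b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"                                # legacy_compression_methods: null
    body += b"\x00\x00"                                # empty extensions vector
    return b"\x01" + len(body).to_bytes(3, "big") + body

def offered_cipher_suites(client_hello):
    """Return the cipher_suites code points of a raw ClientHello (handshake header included)."""
    if len(client_hello) < 4 or client_hello[0] != 0x01:   # HandshakeType client_hello
        raise ValueError("not a ClientHello handshake message")
    pos = 4 + 2 + 32                                   # header, legacy_version, random
    pos += 1 + client_hello[pos]                       # skip legacy_session_id
    (cs_len,) = struct.unpack_from("!H", client_hello, pos)
    pos += 2
    if cs_len % 2 or pos + cs_len > len(client_hello):
        raise ValueError("malformed cipher_suites vector")
    return list(struct.unpack_from("!%dH" % (cs_len // 2), client_hello, pos))

def check_privacy_policy(client_hello):
    """Report whether every offered TLS 1.3 suite provides both authentication and privacy."""
    offered = offered_cipher_suites(client_hello)
    integrity_only = [INTEGRITY_ONLY_SUITES[s] for s in offered if s in INTEGRITY_ONLY_SUITES]
    aead = [AEAD_SUITES[s] for s in offered if s in AEAD_SUITES]
    return {"aead": aead, "integrity_only": integrity_only,
            "compliant": bool(aead) and not integrity_only}

if __name__ == "__main__":
    # Constructed sample: one AEAD suite plus one RFC 9150 integrity-only suite.
    print(check_privacy_policy(build_client_hello([0x1302, 0xC0B4])))
```

A peer enforcing the policy would reject the handshake when "compliant" is false; a monitor would raise an alert, since an agreed integrity-only suite leaves the SNMP PDUs readable on the wire.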