Hi Rich,
At 09:12 AM 23-12-2024, The IESG wrote:
> The IESG has received a request from the Transport Layer Security WG (tls) to
> consider the following document: - 'TLS 1.2 is in Feature Freeze'
> <draft-ietf-tls-tls12-frozen-05.txt> as Informational RFC
Version 1.2 of the proposed standard for the Transport Layer Security
protocol was labelled as "Obsolete" [1] since Version 1.3 of the
proposed standard was issued in 2018. draft-ietf-tls-tls12-frozen-05
states that there will not be any changes to the proposed standard
for Version 1.2 except for:
1. Security fixes
2. Registering some code points
There are instructions to IANA for (2). There isn't any instruction
or guidance for the RFC 8447 experts. Should there be some clear
guidance for the RFC 8447 experts as per BCP 26?
There is the following sentence in Section 2: "First IETF discussions
happened around the same time". The reference given for those
discussions points to a set of slides from 2016. I could not find
the minutes for those discussions:
$ curl -I https://www.ietf.org/proceedings/95/minutes/minutes-95-cfrg/
HTTP/2 404
date: Tue, 24 Dec 2024 14:56:59 GMT
There is a logo in the top left corner of the slides which looks like
"IRTF". One alternative would be to drop the word "IETF" as it could
be misleading. Another alternative would be to have a debate about
what the word "IETF" means and whether those 2016 discussions were
held under RFC 2418 guidelines.
Section 2 comes out as implications for Version 1.2 of the protocol
instead of implications for post-quantum cryptography. The first
sentence in the Section cites a 2017 web page which was last updated in
November 2024 to argue that there will be a huge impact on RSA in
future. I suggest finding an appropriate source to cite if you wish
to acknowledge that someone reported something about some future event in 2017.
There is the following sentence in the last paragraph of Section 2:
"Put bluntly, post-quantum cryptography for TLS 1.2 WILL NOT be
supported ..." There was a message to the TLS WG mailing list a few
weeks ago:
https://mailarchive.ietf.org/arch/msg/tls/_U8-rGKfHh6oGPavjmbbibXpXXw/
My reading of the message is that the TLS WG was not against long
term support for Version 1.2 of the protocol [2] while it was for
a feature freeze for Version 1.2 of the protocol. I suggest
considering whether the contradiction could be tackled by providing
unambiguous guidance to the RFC 8447 experts.
Regards,
S. Moonesamy
1. https://www.rfc-editor.org/info/rfc5246
2. As long as it is not the TLS working group which does the work.