[Last-Call] Re: [dnsdir] Dnsdir last call review of draft-ietf-uta-require-tls13-05

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 21 Feb 2025, at 11:17 am, Eric Rescorla via dnsdir <dnsdir@xxxxxxxx> wrote:



On Thu, Feb 20, 2025 at 3:55 PM Geoff Huston via Datatracker <noreply@xxxxxxxx> wrote:
Reviewer: Geoff Huston
Review result: Ready with Nits

I was assigned as the dnsdir reviewer for draft-ietf-uta-require-tls13-05.
For more information about the DNS Directorate, please see
https://wiki.ietf.org/en/group/dnsdir

NIT: Should the enumeration of the known deficiencies of TLS 1.2 be contained
in the Introduction? The same considerations are described in Section 6, and
their summation in the Introduction seems to be superfluous.

NIT: the assertion in section 3 that "TLS applications will need to migrate to
post-quantum cryptography" is ddependent on the expectation of the lifetime of
the integrity of the encrypted object. The current advice on the immediate need
to use PQC is based on an integrity lifetime of 20 years.I would feel better if
the sentence read "many TLD applications..."

Do you have a source for this 20 year figure? It hasn't figured heavily in the
discussions in (say) TLS WG.

More generally, it's very hard to estimate the meaningful lifetime of data
and even hard to measure the meaningful lifetime when a protocol can
carry multiple kinds of data (e.g., HTTP can carry data with effective
lifetime in seconds like MFA codes or decades like medical information).
Can you provide some examples of protocols which you do not think
need to transition to PQ algorithms?

Hi ekr

I felt sure I had read this in a NIST publication a year or more ago, but I cannot dredge
up the reference (apologies for my crap record keeping!). The gist of the argument
was that if you want to maintain the integrity of an encrypted item over a period of
time its not only the capabilities of the current computing environment that you
need to concern yourself, but the capabilities of the future environment near the
end of the anticipated integrity lifetime. It was in this context that a "secret" lifetime
of 20 years was mentioned.

As for an example of a protocol which makes short-term use of data, I would
nominate DNSSEC.

regards,
  Geoff



<<attachment: smime.p7s>>

-- 
last-call mailing list -- last-call@xxxxxxxx
To unsubscribe send an email to last-call-leave@xxxxxxxx
[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Mhonarc]     [Fedora Users]

  Powered by Linux