I apparently missed the last call announcement for this.
This document seems to be trying to do an entirely reasonable thing,
namely tell folks taht protocols need to be secured, and TLS1.2 isn't
good enough. I don't even pretend to have the skills to disagree.
However, I have a terminological concern. The document says that all
new protocols MUST use TLS1.3 (or better, I presume). For protocols
that are running over TCP, that fine. I do not believe however that we
have agreement that all protocols MUST run over TCP (or QUIC). All
sorts of IP-based protocols run over IP directly. Some run over UDP.
Routing protocols run over all sorts of choices of substrates. Can we
refine the "new protocols" term somehow to be more specific?
It was suggested to me off-list that there was enough context for
readers to know what is meant. I can't find that context in the body of
the document. The fact that it comes from the uta working group may
mean something to some folks, but does not seem to me to be enough
context for a reader.
Yours,
Joel
PS: I tried to fine the original last-call in the archive to reply
properly to that. Apparently, my search skills are insufficient. I
found all sorts of review comments, but not the last call announcement.
Sorry.
--
last-call mailing list -- last-call@xxxxxxxx
To unsubscribe send an email to last-call-leave@xxxxxxxx
