Reviewer: Hilarie Orman
Review result: Has Nits

Do not be alarmed. I generated this review of this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written with the intent of improving security requirements and considerations in IETF drafts. Comments not addressed in last call may be included in AD reviews during the IESG review. Document editors and WG chairs should treat these comments just like any other last call comments.

The gist of the document is "use TLS 1.3", but I cannot tell what the command is directed to. The title says "new protocols". Does that mean "new protocols that require transport layer confidentiality, integrity, and authentication"? Any new protocol that specifies TLS? Or simply any new protocol within the IETF? Section 1 says that it updates Section 5 of RFC9325, but it's not clear if that is the sole intent of this document, or if it has a wider scope.

"TLS 1.3 enjoys robust security proofs" sounds definitive, but I think that might be misleading to the average reader. There has been a great deal of attention paid to proving various cryptographic aspects of the protocol, and some attention to implementation proofs, but these fall short of being an ironclad guarantee that "this cannot fail in practice". I don't think "robust" has any useful technical meaning with regard to proofs. Some rephrasing might convey the idea that "there has been a lot of careful scrutiny of the protocol."

Section 3 states "cryptographically-relevant quantum computers (CRQC), once available, ...", which raises our expectations for these devices. Do they exist now, but they aren't "available" for cryptography? Will they exist within the lifetime of anyone reading the document now? It's highly debatable. I'd add a pinch more of the subjunctive tense to this.

Section 6: "TLS 1.2 was specified with several cryptographic primitives and design choices that have, over time, weakened its security." I'd not say that the security has changed, but our understanding of its security has changed.

Hilarie