BCP for good TLS practices? (Was: Last Call: <draft-elie-nntp-tls-recommendations-01.txt> (Use of Transport Layer Security (TLS) in the Network News Transfer Protocol (NNTP)) to Proposed Standard

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Nov 28, 2016 at 08:45:30AM -0800,
 The IESG <iesg-secretary@xxxxxxxx> wrote 
 a message of 37 lines which said:

> The IESG has received a request from an individual submitter to consider
> the following document:
> - 'Use of Transport Layer Security (TLS) in??the??Network??News??Transfer
>    Protocol (NNTP)'
>   <draft-elie-nntp-tls-recommendations-01.txt> as Proposed Standard

I've read draft-elie-nntp-tls-recommendations-01.txt, I agree with its
general idea with respect to the old RFC 4642 (moving away from
specific TLS recommendentions to just a reference to established
generic TLS RFCs, RFC 4642 even mandated RC4!), and I think it is
ready to be published on the standards track.

I still have a question about the fact that it references RFC
7525. Since TLS recommandations may change (and certainly will, for
instance because of the progress of cryptanalysis), wouldn't it be
better to use the BCP number 195?

Otherwise, I would drop appendix B. It is useless since we have RFC
2804, and it may even be obsolete (are there still countries with
serious export restrictions on crypto?)




[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]