Re: BCP for good TLS practices? (Was: Last Call: <draft-elie-nntp-tls-recommendations-01.txt> (Use of Transport Layer Security (TLS) in the Network News Transfer Protocol (NNTP)) to Proposed Standard

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Bonsoir Stéphane,

The IESG has received a request from an individual submitter to consider
the following document:
- 'Use of Transport Layer Security (TLS) in??the??Network??News??Transfer
   Protocol (NNTP)'
  <draft-elie-nntp-tls-recommendations-01.txt> as Proposed Standard

I've read draft-elie-nntp-tls-recommendations-01.txt, I agree with its
general idea with respect to the old RFC 4642 (moving away from
specific TLS recommendentions to just a reference to established
generic TLS RFCs, RFC 4642 even mandated RC4!), and I think it is
ready to be published on the standards track.

Many thanks for having taken time to read the document.


I still have a question about the fact that it references RFC
7525. Since TLS recommandations may change (and certainly will, for
instance because of the progress of cryptanalysis), wouldn't it be
better to use the BCP number 195?

Good point. I'll see with Alexey as AD if that's OK for him to reference RFC 7525 as BCP 195 in the document.


Otherwise, I would drop appendix B. It is useless since we have RFC
2804, and it may even be obsolete (are there still countries with
serious export restrictions on crypto?)

OK to drop Appendix B.

--
Julien ÉLIE

« – Je me sens un peu rouillé ! C'est sûrement à cause des
    pluies provoquées par Assurancetourix !
  – En attendant c'est nous qui dérouillons ! » (Astérix)




[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]