Hi all,
The IESG has received a request from the Using TLS in Applications WG (uta)
to consider the following document: - 'Use of TLS for Email Submission and
Access'
<draft-ietf-uta-tls-for-email-03.txt> as Proposed Standard
The IESG plans to make a decision in the next few weeks, and solicits final
comments on this action. Please send substantive comments to the
last-call-EgrivxUAwEY@xxxxxxxxxxxxxxxx mailing lists by 2020-01-31.

Sorry for this late suggestion.
Wouldn't it be better to mention that RFC 8314 must follow the
recommendations in BCP 195?
I see that [draft-ietf-tls-oldversions-deprecate] will be part of BCP
195, so that should do the trick, and avoid unnecessary updates of many
RFCs whenever TLS recommendations change.
Especially:

   1. Introduction

   [RFC8314] defines the minimum recommended version for TLS as version
   1.1. Due to the deprecation of TLS 1.1 in
   [I-D.ietf-tls-oldversions-deprecate], this recommendation is no
   longer valid. Therefore this document updates [RFC8314] so that the
   minimum version for TLS is TLS 1.2.

Suggestion:

   1. Introduction

   [RFC8314] defines the minimum recommended version for TLS as version
   1.1. This recommendation is no longer valid as TLS 1.1 suffers from
   weaknesses described in [BCP195]. Therefore this document updates
   [RFC8314] so that the minimum version for TLS follows the
   recommendations of [BCP195], which regularly strengthens in security
   over time.

Incidentally, maybe this new RFC should not be restricted to only the
protocol version, but all the recommendations in the use of TLS
(ciphers, certificate validation...) that are also present in BCP 195?
--
Julien ÉLIE
"- The information office?
- Don't know. Ask at information, they will
inform you." (Astérix)