Thanks for the explanation.

In that section, the unsafe points of 0-RTT were called out and were enforced by 
normative language. For the renegotiation it was not described that much, 
whether it is a non-preferred feature for SNMP as a whole for whatever reason, 
rather it is just that TLS 1.3 does not support it. So the question remains, 
what if one future TLS version supports renegotiation. The wording also suggests 
that there might be more in between the lines :-).

With your explanation, I feel that we should say something along the lines of what 
you wrote - "If a future version of TLS does support renegotiation, then this 
RFC would likely need to be revisited anyway to determine if we want to allow 
its use". But I don't have a super strong opinion about it.

//Zahed  


> On 1 Mar 2023, at 20:30, Kenneth Vaughn <kvau...@trevilon.com> wrote:
> 
> Thank you for your comment, while it is an interesting question, I think the 
> wording is appropriate as is. 
> 
> I believe the proper interpretation of this text is that renegotiation is not 
> supported for TLS 1.3 and we have not designed anything to allow for 
> renegotiation (i.e., for any version of TLS). If future versions of TLS do 
> not support renegotiation, then there should not be any issue. If a future 
> version of TLS does support renegotiation, then this RFC would likely need to 
> be revisited anyway to determine if we want to allow its use. I am inclined 
> to say that the current wording is reasonable as it does not strictly 
> prohibit it but does indicate it is "not supported" and implies a level of 
> discouragement as it would not be a standard feature. 
> 
> Of course, if TLS added the capability and we wanted to make it a standard 
> feature, we could update this RFC to allow it - and I would expect that 
> update would need to make additional revisions to accommodate the new 
> capability.
> 
> Regards,
> Ken Vaughn
> 
> Trevilon LLC
> 1060 S Hwy 107
> Del Rio, TN 37727
> +1-571-331-5670 cell
> kvau...@trevilon.com <mailto:kvau...@trevilon.com>
> www.trevilon.com 
> 
>> I was just wondering - as there is an intended impact on the future here,
>> 
>>   "Renegotiation of sessions is not supported as it is not supported by TLS
>>   1.3."
>> 
>> what is the intended implication on the application of future versions of 
>> TLS?
>> 
>> 
>> 
>> _______________________________________________
>> OPSAWG mailing list
>> OPSAWG@ietf.org <mailto:OPSAWG@ietf.org>
>> https://www.ietf.org/mailman/listinfo/opsawg
>> 
> 
