Thank you for your feedback in this review.  Responses inline as to how I
propose it is addressed:

On Sat, Apr 13, 2019 at 12:16 AM Martin Thomson <m...@lowentropy.net> wrote:

> Section 1.1 doesn't say *how* those listed documents are updated.  Might
> pay to include a few words on how.
>

Thank you, that was helpful feedback.  I changed the introduction text as
follows:
OLD:
This document updates these RFCs that normatively reference TLSv1.0 or
TLSv1.1 or DTLS1.0 and have not been obsoleted.
NEW:
This document updates the following RFCs that normatively reference
TLSv1.0 or TLSv1.1 or DTLS1.0. The update is to obsolete usage of these
older versions. Fallback to these versions is prohibited through this
update.

> Section 2 can be cut down a lot.  The quote from another document is longer
> than the rest of the text.  In many ways, saying that the IETF is moving
> last is not a great thing to memorialize in RFC, as much as it is useful in
> an Internet-Draft or in argumentation in support of publication of the doc.
>

A bunch has been cut out already, but I propose also cutting out the
following text to address your specific point (well taken):
1st paragraph and last 2.

REMOVE:
      Industry has actively followed guidance provided by NIST and the PCI
      Council to deprecate TLSv1.0 and TLSv1.1 by June 30, 2018. TLSv1.2
      should remain a minimum baseline for TLS support at this time.

      The Canadian government treasury board have also mandated that these
      old versions of TLS not be used.

      Various companies and web sites have announced plans to deprecate
      these old versions of TLS.


> The title of Section 3 could be a bit clearer.
>

Proposed:
SHA-1 Usage Problematic in TLSv1.0 and TLSv1.1

If you have a more terse suggestion, please post.  I agree this should be
more clear.


>
> It might pay to explain what RFC 7525 is in Section 6.  Why does that
> document warrant special attention over the 70-odd other ones.
>

Good point, how about the following text:

PROPOSED:
RFC7525, BCP195, "Recommendations for Secure Use of Transport Layer
Security (TLS) and Datagram Transport Layer Security (DTLS)", is the most
recent best practice document for implementing TLS and was based on
TLSv1.2. At the time of publication, TLSv1.0 and TLSv1.1 had not yet been
deprecated. As such, this document is called out specifically to update
text implementing the deprecation recommendations of this document.


> Otherwise, publish this.
>

Thank you!

I'll continue through the rest of the messages, but may have a delay when
tending to other responsibilities.
I am putting the proposals into a new version to upload to the git
repository.

Best regards,
Kathleen


>
>
> On Sat, Apr 13, 2019, at 09:28, Christopher Wood wrote:
> > This is the working group last call for the "Deprecating TLSv1.0 and
> > TLSv1.1" draft available at:
> >
> >
> https://datatracker.ietf.org/doc/draft-ietf-tls-oldversions-deprecate/
> >
> > Please review the document and send your comments to the list by April
> 26, 2019.
> >
> > Thanks,
> > Chris, Joe, and Sean
> >
> > _______________________________________________
> > TLS mailing list
> > TLS@ietf.org
> > https://www.ietf.org/mailman/listinfo/tls
> >
>


-- 

Best regards,
Kathleen
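The proposed text above prohibits fallback to TLSv1.0 and TLSv1.1 and keeps TLSv1.2 as the minimum baseline. As an added example (not part of the draft or of this thread), the following Python parses a raw ClientHello and reports which protocol versions the client actually offers, honouring the supported_versions extension (type 43, RFC 8446) so that TLSv1.3 clients, which carry legacy_version 0x0303, are not misread as TLSv1.2-only. The function names and the sample ClientHellos produced by build_client_hello are assumptions for illustration; they are constructed test vectors, not captured traffic.

```python
import struct

# TLS ProtocolVersion codepoints (RFC 5246 / RFC 8446).
VERSION_NAMES = {
    0x0300: "SSLv3",
    0x0301: "TLSv1.0",
    0x0302: "TLSv1.1",
    0x0303: "TLSv1.2",
    0x0304: "TLSv1.3",
}
DEPRECATED_VERSIONS = {0x0300, 0x0301, 0x0302}
EXT_SUPPORTED_VERSIONS = 43  # supported_versions extension type, RFC 8446 4.2.1


def build_client_hello(legacy_version, supported_versions=None):
    """Construct a minimal ClientHello record as sample input (constructed data).

    Real clients put 0x0301 in the record-layer version for middlebox
    compatibility, which is why the classifier below never looks at it.
    """
    random = bytes(range(32))                     # fixed bytes: test data, not random
    cipher_suites = b"\x13\x01\xc0\x2f"          # TLS_AES_128_GCM_SHA256, ECDHE-RSA-AES128-GCM
    extensions = b""
    if supported_versions:
        versions = b"".join(struct.pack("!H", v) for v in supported_versions)
        ext_body = bytes([len(versions)]) + versions
        extensions = struct.pack("!HH", EXT_SUPPORTED_VERSIONS, len(ext_body)) + ext_body
    hello = (struct.pack("!H", legacy_version) + random
             + b"\x00"                                           # empty session id
             + struct.pack("!H", len(cipher_suites)) + cipher_suites
             + b"\x01\x00"                                       # compression: null only
             + struct.pack("!H", len(extensions)) + extensions)
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello  # type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def classify_client_hello(data):
    """Return which protocol versions a raw ClientHello offers.

    Keys: highest (name of the highest offered version), offered (sorted
    names), offers_deprecated (SSLv3/TLSv1.0/TLSv1.1 appears in the offer)
    and legacy_only (nothing above TLSv1.1 can be negotiated).
    Raises ValueError for anything that is not a complete ClientHello.
    """
    try:
        if data[0] != 0x16:                                    # content type: handshake
            raise ValueError("not a TLS handshake record")
        rec_len = struct.unpack("!H", data[3:5])[0]
        body = data[5:5 + rec_len]
        if len(body) != rec_len or body[0] != 0x01:
            raise ValueError("not a complete ClientHello handshake message")
        hs_len = int.from_bytes(body[1:4], "big")
        hello = body[4:4 + hs_len]
        if len(hello) != hs_len:
            raise ValueError("truncated ClientHello")
        legacy_version = struct.unpack("!H", hello[0:2])[0]
        pos = 34                                               # version + 32-byte random
        pos += 1 + hello[pos]                                  # session id
        pos += 2 + struct.unpack("!H", hello[pos:pos + 2])[0]  # cipher suites
        pos += 1 + hello[pos]                                  # compression methods
        offered = {legacy_version}
        if pos + 2 <= len(hello):                              # extensions are optional
            ext_len = struct.unpack("!H", hello[pos:pos + 2])[0]
            pos += 2
            end = pos + ext_len
            if end > len(hello):
                raise ValueError("extensions length exceeds ClientHello")
            while pos + 4 <= end:
                ext_type, ext_body_len = struct.unpack("!HH", hello[pos:pos + 4])
                pos += 4
                ext_body = hello[pos:pos + ext_body_len]
                pos += ext_body_len
                if ext_type == EXT_SUPPORTED_VERSIONS and ext_body:
                    # RFC 8446: when present, this list supersedes legacy_version.
                    n = ext_body[0]
                    offered = {struct.unpack("!H", ext_body[i:i + 2])[0]
                               for i in range(1, 1 + n, 2)}
    except (IndexError, struct.error) as exc:
        raise ValueError("malformed ClientHello") from exc
    highest = max(offered)
    return {
        "highest": VERSION_NAMES.get(highest, hex(highest)),
        "offered": sorted(VERSION_NAMES.get(v, hex(v)) for v in offered),
        "offers_deprecated": any(v in DEPRECATED_VERSIONS for v in offered),
        "legacy_only": highest in DEPRECATED_VERSIONS,
    }


if __name__ == "__main__":
    for label, hello in [
        ("TLSv1.3 client", build_client_hello(0x0303, [0x0304, 0x0303])),
        ("TLSv1.1-only client", build_client_hello(0x0302)),
        ("TLSv1.2 client still offering 1.0/1.1",
         build_client_hello(0x0303, [0x0303, 0x0302, 0x0301])),
    ]:
        print(label, classify_client_hello(hello))
```

Run over ClientHellos taken from a pcap or logged at a TLS-terminating load balancer, legacy_only identifies the clients that will break once a TLSv1.2 floor is enforced, and offers_deprecated identifies TLSv1.2/1.3-capable clients that still advertise the old versions and would accept one if a server selected it. A TLSv1.2 client without supported_versions is reported as TLSv1.2 only; whether it would fall back after a failed handshake cannot be seen from the ClientHello alone.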