On 19/11/2019 00:41, Salz, Rich wrote:
> As 8422 says "DTLS-OK" and since Yoav is both an author of the RFC and one of 
> the registry experts, I think he needs to reply here.
> 
>>    My guess is either:  
>>    1) The registry is in error and they should not have Y against them
>> or
>>    2) The intent behind RFC 8442 was that it should apply to DTLS but it
>>    was missed in error.
>     
> #1 is the simple fix, but it seems wrong.  #2 could *probably* be fixed with 
> an errata, but hard to do in a way that doesn't make the changes invasive.

Sorry, that should have been RFC 8422 above (not 8442).

Looking at 8422 it seems to me that starting from the title and all the
way through it is exclusively talking about TLS and not DTLS. So, on
reflection, I think fixing it via errata doesn't seem feasible to me.
Perhaps a new RFC could be fairly easily written to apply the changes to
DTLS too.

Either way, it seems to me that the current state of the registry
doesn't match what the RFCs state. This is quite confusing - I
discovered this issue because of a question to the OpenSSL users list
asking why EdDSA certificates could not be used in an OpenSSL DTLS
connection when the registry says that they are allowed. Therefore it
seems to me that the right answer is to correct the registry - at least
for now. Even if there is a subsequent RFC that changes it back again.

Is there a formal process for reporting registry errata? Or is it just a
case of reporting it direct to the assigned experts?

Matt

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
