I agree with David, I think “and provides excellent security as-is” should be removed.
John

From: David Benjamin <[email protected]>
Date: Wednesday, 4 December 2024 at 18:57
To: John Mattsson <[email protected]>
Cc: Salz, Rich <[email protected]>, Sean Turner <[email protected]>, TLS List <[email protected]>
Subject: Re: [TLS] Re: Working Group Last Call for TLS 1.2 is in Feature Freeze

Talking about providing "excellent security" also will get out-of-date and/or subjective once someone decides post-quantum, or any other 1.3-only improvement, is the bar for "excellent". I would suggest just not having the draft opine on such things when it doesn't need to. We could just delete the first paragraph altogether and start the document:

> TLS 1.3 [TLS13] is in widespread use and fixes many known deficiencies with
> TLS 1.2 [TLS12], such as encrypting more of the traffic so that it is not
> readable by outsiders and removing most cryptographic primitives now
> considered weak. Importantly, TLS 1.3 enjoys robust security proofs and
> provides excellent security as-is.

On Wed, Dec 4, 2024 at 12:42 PM John Mattsson <[email protected]> wrote:

That would address your concern.

John

From: Salz, Rich <[email protected]>
Date: Wednesday, 4 December 2024 at 15:21
To: John Mattsson <[email protected]>, Sean Turner <[email protected]>, TLS List <[email protected]>
Subject: Re: [TLS] Re: Working Group Last Call for TLS 1.2 is in Feature Freeze

>TLS 1.3 enjoys robust
>security proofs and provides excellent security as-is.

as-is, TLS 1.3 does not provide excellent security for long-term connections. It removes essential features such as asymmetric rekeying and reauthentication.

Would changing it to “provides excellent security for many use-cases as-is” address your concern? Or “can provide excellent security”?
Or does that open up the case where people say “where does it not apply?” Would it be better to just remove the “and provides” phrase altogether?

_______________________________________________
TLS mailing list -- [email protected]
To unsubscribe send an email to [email protected]
