Dear IESG Members, Thank you so much for taking the time to review the document, and help make it clearer!
We’ve addressed your points in this PR: https://github.com/tlswg/draft-deprecate-obsolete-kex/pull/26/files#top Best wishes, and thanks again, Joe and Nimrod =================== Gorry: Discuss 1: Thanks for the feedback! We’ve added specific language: https://github.com/tlswg/draft-deprecate-obsolete-kex/pull/26/files#diff-bfcdc92dcfe1f2013251d0cecbae501ff67f6bb37a87888fad18cc0daf527983R170 Discuss 2: Thanks again for the catch! We’ve added text here: https://github.com/tlswg/draft-deprecate-obsolete-kex/pull/26/files#diff-bfcdc92dcfe1f2013251d0cecbae501ff67f6bb37a87888fad18cc0daf527983R242 Sections 3 and 4 already provide normative language to describe the action to be taken as a result of the deprecation. If you think there are more places where we should add similar text, we’re happy to do so. Discuss 3: Thanks yet again! The PR adds a reference to the section in RFC 9325 affected by this document. https://github.com/tlswg/draft-deprecate-obsolete-kex/pull/26/files#diff-bfcdc92dcfe1f2013251d0cecbae501ff67f6bb37a87888fad18cc0daf527983R540 Comment: Thanks! We’ve made the requested change. Mohamed: Update a BCP: We believe the document is more broad than merely updating RFC 9325. It provides the technical background as to why the changes are necessary, updates the IANA registry. Once this document is published perhaps it could be added to the BCP. “[RFC9325] contains the latest IETF recommendations” won’t age well. However, “[BCP195] contains the latest IETF recommendations” is likely to be valid independent of future revisions of RFC9325.) -- Thanks! We changed it accordingly. Appendix B. ECDH Cipher Suites Whose Use Is Discouraged by This Document These are already marked as “N” in the registry. What concrete changes will be captured in the registry? Please clarify. The document moves them to “Recommended: D”, to align with RFC8447bis. We’ve added language accordingly, thanks! The PR also addresses the points listed below - thank you all again for taking the time to review and point everything out! Please indicate where to find the registry DH Cipher Suites Deprecated by This Document: can we please be explicit that we are asking for “recommended” to be set to “D” for these entries?
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
