Hi Renzo,

Thank you very much for the review and for your excellent work shepherding this document.

All the points you raise below seem very reasonable, and we are working to address them [1].

Question: Is any of them a blocker to moving the document forward? (It shouldn't take long to create another version of the document -- we just need to make sure that everyone's expectations are aligned.)

cheers!

[1] https://github.com/thomas-fossati/draft-tls13-iot/pull/142

On Mon, 16 Feb 2026 at 16:46, Renzo Navas <[email protected]> wrote:
>
> Dear UTA WG, authors,
>
> A humble shepherd's review of this version of the document. (The
> write-up is coming)
>
> Regards,
>
> Renzo
>
>
> BEGIN
> ---
> Introduction:
> Doing the shepherd’s write-up I am asked if the document updates any
> RFC and if so if this is mentioned in the intro. This document updates
> RFC 7925, and this is mentioned on the header, datatracker, and
> abstract. However not a single word is mentioned in the Introduction,
> shall it mention it again?
> “This document updates RFC 7925 with respect to the X.509 certificate
> profile and ciphersuite requirements” No problem I guess, the updates
> are mostly/all done on section 17 (Certificate Profile). But maybe for
> someone looking at the update we can put this pointer on the intro.
>
> Section 10.
> “ For RCC … ” : acronym not defined (Return Routability Check).
>
> Section 17.
> Intro, last paragraph. “omits those operational requirements. since”
> missing the uppercase after a full stop.
>
> Section 19: Certificate Overhead.
> Almost duplicate paragraph in different sections.
>
> “Although the TLS specification does not explicitly prohibit a server
> from including trust anchors in the Certificate message - and some
> implementations do - trust anchors SHOULD NOT be transmitted in this
> way. Trust anchors are intended to be provisioned through out-of-band
> mechanisms, and any trust anchor included in the TLS Certificate
> message cannot be assumed trustworthy by the client. Including them
> therefore serves no functional purpose and unnecessarily consumes
> bandwidth.”
>
> And a few paragraphs later:
>
> “Although the TLS specification does not forbid a server from
> including trust anchors in the Certificate message, and some
> implementations do so, trust anchors SHOULD NOT be transmitted this
> way. Trust anchors are meant to be provisioned out of band, and any
> trust anchor sent in the Certificate message cannot be relied upon by
> the client. Sending it therefore only wastes bandwidth.”
>
> The first one seems more complete. Check continuity with the last two
> paragraphs of the section, and erase one accordingly.
>
>
> 22. Post-Quantum Cryptography (PQC) Considerations
> Great disclaimer. Is it understood by the reader that the
> recommendations/ciphersuites used on this profile are not
> quantum-resistant? Maybe add a one liner about this at the beginning
> of the opening section paragraph?
>
> Section 24/23? Privacy considerations missing (but this is optional),
> nothing interesting to say? (LDevIDs, subject?)
>
> Refs:
> Attention [I-D.ietf-tls-ctls] expired in April 2024 (is informative so
> it will be OK I guess…).
>
> --
> END
>
>
> On Tue, Feb 3, 2026 at 9:01 PM <[email protected]> wrote:
> >
> > Internet-Draft draft-ietf-uta-tls13-iot-profile-18.txt is now available. It is
> > a work item of the Using TLS in Applications (UTA) WG of the IETF.
> >
> > Title:   TLS/DTLS 1.3 Profiles for the Internet of Things
> > Authors: Hannes Tschofenig
> >          Thomas Fossati
> >          Michael Richardson
> > Name:    draft-ietf-uta-tls13-iot-profile-18.txt
> > Pages:   33
> > Dates:   2026-02-03
> >
> > Abstract:
> >
> > RFC 7925 offers guidance to developers on using TLS/DTLS 1.2 for
> > Internet of Things (IoT) devices with resource constraints. This
> > document is a companion to RFC 7925, defining TLS/DTLS 1.3 profiles
> > for IoT devices. Additionally, it updates RFC 7925 with respect to
> > the X.509 certificate profile and ciphersuite requirements.
> >
> > Discussion Venues
> >
> > This note is to be removed before publishing as an RFC.
> >
> > Source for this draft and an issue tracker can be found at
> > https://github.com/thomas-fossati/draft-tls13-iot.
> >
> > The IETF datatracker status page for this Internet-Draft is:
> > https://datatracker.ietf.org/doc/draft-ietf-uta-tls13-iot-profile/
> >
> > There is also an HTML version available at:
> > https://www.ietf.org/archive/id/draft-ietf-uta-tls13-iot-profile-18.html
> >
> > A diff from the previous version is available at:
> > https://author-tools.ietf.org/iddiff?url2=draft-ietf-uta-tls13-iot-profile-18
> >
> > Internet-Drafts are also available by rsync at:
> > rsync.ietf.org::internet-drafts
> >
> >
> > _______________________________________________
> > Uta mailing list -- [email protected]
> > To unsubscribe send an email to [email protected]
