[netconf] Paul Wouters' Discuss on draft-ietf-netconf-over-tls13-03: (with DISCUSS and COMMENT)
Paul Wouters via Datatracker <noreply@ietf.org> Mon, 27 November 2023 22:22 UTC
From: Paul Wouters via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-netconf-over-tls13@ietf.org, netconf-chairs@ietf.org, netconf@ietf.org, kent+ietf@watsen.net, kent+ietf@watsen.net
Reply-To: Paul Wouters <paul.wouters@aiven.io>
Message-ID: <170112375949.47813.10096201060725225897@ietfa.amsl.com>
Date: Mon, 27 Nov 2023 14:22:39 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/H_WqXOBpGpUL21aK2APORuenGiA>
Paul Wouters has entered the following ballot position for
draft-ietf-netconf-over-tls13-03: Discuss

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)

Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/
for more information about how to handle DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-netconf-over-tls13/

----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

Why does Section 4 not simply point to the ciphersuites MTI of the respective
TLS versions?

TLS 1.3 as per RFC8446bis Section 9.1:
https://datatracker.ietf.org/doc/html/draft-ietf-tls-rfc8446bis-09#name-mandatory-to-implement-ciph

TLS 1.2 to RFC9325 Section 4.2:
https://datatracker.ietf.org/doc/html/rfc9325#name-cipher-suites-for-tls-12

It almost does this but then decides on its own more limited set of
ciphersuites. Is there a good reason why to deviate from the TLS 1.2 and 1.3
standards? Or why not to stick to the RECOMMENDED Y column in the IANA registry
for TLS Ciphersuites?

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

   Implementations MUST support TLS 1.2 [RFC5246] and are REQUIRED to
   support the TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 cipher suite [RFC9325].

Should this say "MUST support mutually authenticated TLS 1.2"? Because the
line below talks about "additional mutually authenticated".

   NETCONF implementations SHOULD follow the TLS recommendations given in
   [RFC9325].

It's kind of weird to have a SHOULD here pointing to a document that has MUSTs
in it. I would either use a MUST here, or no BCP14 language at all.

NITS:

[I-D.ietf-uta-rfc6125bis] is now RFC9525
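As an added example (not from the draft, the reviewer, or the netconf WG), the following Python audit compares what a mutually authenticated NETCONF server context actually offers against the MTI suites of the two sections cited above; the code-point table, the SHOULD list and the cipher string are assumptions of this example, taken from RFC 9325 Section 4.2 and RFC 8446 Section 9.1, and certificate loading is omitted.

```python
import ssl

# Constructed table of IANA code points for the suites the cited sections name:
# MUST-implement per RFC 9325 Section 4.2 (TLS 1.2) and RFC 8446 Section 9.1
# (TLS 1.3), plus the SHOULD-implement suites those sections list.
MTI = {
    "TLSv1.2": {0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"},
    "TLSv1.3": {0x1301: "TLS_AES_128_GCM_SHA256"},
}
SHOULD = {
    "TLSv1.2": {0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
                0xC02B: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
                0xC02C: "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
                0xCCA8: "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
                0xCCA9: "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"},
    "TLSv1.3": {0x1302: "TLS_AES_256_GCM_SHA384",
                0x1303: "TLS_CHACHA20_POLY1305_SHA256"},
}


def audit_suites(offered):
    """offered: iterable of (iana_code_point, protocol) pairs.
    Per TLS version, report the MTI suites not offered and the offered
    suites that fall outside the MTI/SHOULD profile (review candidates)."""
    report = {}
    for version in MTI:
        codes = {cp for cp, proto in offered if proto == version}
        known = set(MTI[version]) | set(SHOULD[version])
        report[version] = {
            "missing_mti": sorted(name for cp, name in MTI[version].items()
                                  if cp not in codes),
            "outside_profile": sorted(f"0x{cp:04X}" for cp in codes - known),
        }
    return report


def offered_by_context(ctx):
    """Map ssl.SSLContext.get_ciphers() entries to (code point, protocol);
    OpenSSL cipher ids carry the IANA code point in the low 16 bits."""
    return [(c["id"] & 0xFFFF, c["protocol"]) for c in ctx.get_ciphers()]


def netconf_server_context():
    """Hypothetical server profile: TLS >= 1.2, client certificate required
    (mutually authenticated TLS), ECDHE-only AEAD suites for TLS 1.2."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")  # TLS 1.3 suites are separate
    return ctx


if __name__ == "__main__":
    print(audit_suites(offered_by_context(netconf_server_context())))
```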