[Last-Call] Re: Secdir last call review of draft-ietf-tls-esni-23

Adam,

Thanks for your comments. The WG discussed the question of guidance for
key rotation and came to the conclusion that we didn't have much useful
to say as a consensus matter, so we opted to remain silent.

-Ekr


On Wed, Mar 5, 2025 at 12:45 PM Adam Montville via Datatracker <noreply@xxxxxxxx> wrote:
Reviewer: Adam Montville
Review result: Ready

Based on my review of this draft I would classify it as "ready" for
publication, with some minor caveats that don’t fundamentally undermine its
readiness. The draft defines a clear, well-specified mechanism for encrypting
the ClientHello. It leverages established cryptographic primitives and
preserves existing TLS 1.3 security properties. The threat model is thoroughly
addressed with a formal analysis documented in a reference.

If it is possible (possibly not in this draft) to offer more detailed
operational guidance on key rotation, that would be helpful. There are some
points in the document that might allude to implementation-specific
configuration choices. Implementations would ideally expose these choices to
operators so they can make the best possible choices for their needs.

