[Last-Call] draft-ietf-tls-deprecate-obsolete-kex-06 telechat Artart review

Document: draft-ietf-tls-deprecate-obsolete-kex
Title: Deprecating Obsolete Key Exchange Methods in (D)TLS 1.2
Reviewer: Valery Smyslov
Review result: Ready with Nits

I am the assigned ART directorate reviewer for this document. These comments
were written primarily for the benefit of the ART area directors.  Document
editors and WG chairs should treat these comments just like any other last call
comments.

I previously reviewed the -04 version of the draft. Since that version most of my
points have been addressed (the point with intended document status has been
re-routed to the IESG). I still have a few minor issues.

1. Perhaps some text should be added about potential interoperability problems
(or, as we hope, the lack of such) caused by deprecation of the mentioned key
exchange methods. If this could be backed up by some figures from the real world, it
would be great.

2. Section 2, last para last sentence:

   These values only apply to (D)TLS versions of 1.2 and
   below.

The text in the preceding paras contains clarification that TLS 1.0 and TLS
1.1 have been already deprecated ("Note that TLS 1.0 and 1.1 are deprecated by
[RFC8996]") and thus they are implicitly out of scope. I wonder whether this
clarification should also be added here for consistency, since the draft
explicitly states in the Abstract that it is only concerned with (D)TLS 1.2 and
not with earlier (D)TLS versions, which are already deprecated.

