IETF Last Call Review of draft-ietf-tls-deprecate-obsolete-kex-05
review-ietf-tls-deprecate-obsolete-kex-05-secdir-lc-harkins-2025-05-12-00

   Hello,

   Apologize for the tardiness of this, the assignment just fell off
my plate.

    I have reviewed this document as part of the security directorate's
  ongoing effort to review all IETF documents being processed by the
  IESG. These comments were written primarily for the benefit of the
  security area directors. Document editors and WG chairs should treat
  these comments just like any other last call comments.

   This draft deprecates some key exchanges-- RSA and finite field
Diffie-Hellman-- from TLS 1.2. I find the arguments to deprecate
things in a protocol because of implementation issues or
interoperability issues or because of what "operators" do somewhat
unpersuasive but there do seem to also be valid technical reasons
to do this and, importantly, it does not seem like any capabilities
will be lost by deprecating this stuff so go for it.

   The summary of the review is Ready.

   regards,

   Dan.

-- 
"The object of life is not to be on the side of the majority, but to
escape finding oneself in the ranks of the insane." -- Marcus Aurelius