Telechat Review of draft-ietf-tls-deprecate-obsolete-kex-06
review-ietf-tls-deprecate-obsolete-kex-06-artart-telechat-smyslov-2025-06-27-00
| Request | Review of | draft-ietf-tls-deprecate-obsolete-kex |
|---|---|---|
| | Requested revision | No specific revision (document currently at 06) |
| | Type | Telechat Review |
| | Team | ART Area Review Team (artart) |
| | Deadline | 2025-07-08 |
| | Requested | 2025-06-23 |
| | Authors | Nimrod Aviram |
| | I-D last updated | 2025-07-10 (Latest revision 2025-06-23) |
| | Completed reviews | Secdir IETF Last Call review of -05 by Dan Harkins; Genart IETF Last Call review of -05 by Mallory Knodel; Artart IETF Last Call review of -05 by Valery Smyslov; Opsdir IETF Last Call review of -05 by Menachem Dodge; Artart Telechat review of -06 by Valery Smyslov |
| Assignment | Reviewer | Valery Smyslov |
| | State | Completed |
| | Request | Telechat review on draft-ietf-tls-deprecate-obsolete-kex by ART Area Review Team Assigned |
| | Posted at | https://mailarchive.ietf.org/arch/msg/art/mzNz7hF0z2emeEthnTY0VHMsKkA |
| | Reviewed revision | 06 |
| | Result | Ready w/nits |
| | Completed | 2025-06-27 |
I am the assigned ART directorate reviewer for this document. These comments were written primarily for the benefit of the ART area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

I previously reviewed the -04 version of the draft. Since that version most of my points have been addressed (the point with intended document status has been re-routed to the IESG). I still have a few minor issues.

1. Perhaps some text should be added about potential interoperability problems (or, as we hope, the lack of such) caused by deprecation of the mentioned key exchange methods. If this could be backed up by some figures from the real world, it would be great.

2. Section 2, last para, last sentence:

   "These values only apply to (D)TLS versions of 1.2 and below."

   The text in the preceding paras contains clarification that TLS 1.0 and TLS 1.1 have been already deprecated ("Note that TLS 1.0 and 1.1 are deprecated by [RFC8996]") and thus they are implicitly out of scope. I wonder whether this clarification should also be added here for consistency, since the draft explicitly states in the Abstract that it is only concerned with (D)TLS 1.2 and not with earlier (D)TLS versions, which are already deprecated.