Last Call Review of draft-ietf-uta-tls-for-email-03

Request: Review of draft-ietf-uta-tls-for-email
Requested rev.: no specific revision (document currently at 04)
Type: Last Call Review
Team: Security Area Directorate (secdir)
Deadline: 2020-01-31
Requested: 2020-01-17
Authors: Loganaden Velvindron, Stephen Farrell
Draft last updated: 2020-02-06
Completed reviews:
  Secdir Last Call review of -03 by Radia Perlman
  Genart Last Call review of -04 by Brian Carpenter

Assignment
Reviewer: Radia Perlman
State: Completed
Review: review-ietf-uta-tls-for-email-03-secdir-lc-perlman-2020-02-06
Posted at:
Reviewed rev.: 03 (document currently at 04)
Review result: Has Nits
Review completed: 2020-01-30


I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written primarily for the benefit of the security area
directors.  Document editors and WG chairs should treat these comments just
like any other last call comments.

This is an utterly trivial and non-controversial update to RFC8314 changing
references to TLSv1.1 to TLSv1.2 as the minimum acceptable version of TLS
to use for this purpose.

While there is nothing to debate with respect to security, I do question
whether it's better to release a document like this which specifies changes
to RFC8314 or whether it would be better to update (and obsolete) that
document so that this one would stand alone. Better yet would be to come up
with a replacement version of RFC8314 that would not need to be updated
again when TLSv1.2 needs to be replaced with TLSv1.3. Introducing new
versions of TLS and obsoleting old ones should happen without having to
update the - likely hundreds of - RFCs that refer to TLS.