openpgp-pqc / draft-openpgp-pqc

Repository of the WIP draft-ietf-openpgp-pqc

Other

8 stars 2 forks source link

Should we have normative statements in the Security Considerations? #14

Closed falko-strenzke closed 1 year ago

falko-strenzke commented 1 year ago

Falko's original remark

In the Security Considerations, under Section 8.5, a normative statement is made ("MUST NOT"). In my understanding, normative statements do not belong in the Security Considerations, but under one of the normative sections.

Comment by Aron (from previous issue)

This is technically already in the crypto-refresh: https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-07.html#section-12.2.3

I would like to reiterate here in the security considerations

falko-strenzke commented 1 year ago

Minutes meeting 2023-01-19:

Andreas: normative statement should be in EC section
Aron: have no such section
Stavros: section 1
Falko: sec 1 not normative
Aron: move normative statement to sec 1
Aron and Falko: make new section 2 with normative preliminaries

falko-strenzke commented 1 year ago

Adressed in https://github.com/openpgp-pqc/draft-openpgp-pqc/pull/21