I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written primarily for the benefit of the security area
directors.  Document editors and WG chairs should treat these comments just
like any other last call comments.

This is an utterly trivial and non-controversial update to RFC8314 changing
references to TLS v1.1 to TLSv1.2 as the minimum acceptable version of TLS
to use for this purpose.

While there is nothing to debate with respect to security, I do question
whether it's better to release a document like this which specifies changes
to RFC8314 or whether it would be better to update (and obsolete) that
document so that this one would stand alone. Better yet would be to come up
with a replacement version of RFC8314 that would not need to be updated
again when TLSv1.2 needs to be replaced with TLSv1.3. Introducing new
versions of TLS and obsoleting old ones should happen without having to
update the - likely hundreds of - RFCs that refer to TLS.

Radia