I wanted to follow up on this and see if there was any consideration to
relaxing this requirement. Can someone actually point me to a compliant
implementation using TLS 1.2 because after looking at a number of them,
I have yet to find one that does.
Rob
On 8/12/11 3:56 PM, Rob Richards wrote:
The latest draft shows TLS 1.2 as a MUST (sections 3.1 and 3.2). Based
on a thread about this from last year I was under the impression that
it was going to be relaxed to a SHOULD with most likely TLS 1.0 (or
posssibly SSLv3) as a MUST. I think it's a bit unrealistic to require
1.2 when many systems out there can't support it. IMO this is going to
be a big stumbling block for people to implement a compliant OAuth
system. Even PCI doesn't require 1.2.
Rob
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
