We should relax it. Just need someone to propose new language.

EHL

> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On Behalf
> Of Justin Richer
> Sent: Tuesday, August 16, 2011 12:49 PM
> To: Rob Richards
> Cc: [email protected]
> Subject: Re: [OAUTH-WG] TLS 1.2
>
> As I recall, the logic of the group here was something like:
>
> "We want transport-layer encryption, so let's grab the latest version of that
> around, which looks to be TLS 1.2"
>
> With that logic in mind, this relaxation makes sense to me. Does anyone
> remember this requirement differently?
>
> -- Justin
> (who admittedly couldn't tell the difference between SSL and TLS)
>
> On Tue, 2011-08-16 at 15:36 -0400, Rob Richards wrote:
> > I wanted to follow up on this and see if there was any consideration
> > to relaxing this requirement. Can someone actually point me to a
> > compliant implementation using TLS 1.2 because after looking at a
> > number of them, I have yet to find one that does.
> >
> > Rob
> >
> > On 8/12/11 3:56 PM, Rob Richards wrote:
> > > The latest draft shows TLS 1.2 as a MUST (sections 3.1 and 3.2).
> > > Based on a thread about this from last year I was under the
> > > impression that it was going to be relaxed to a SHOULD with most
> > > likely TLS 1.0 (or possibly SSLv3) as a MUST. I think it's a bit
> > > unrealistic to require 1.2 when many systems out there can't
> > > support it. IMO this is going to be a big stumbling block for
> > > people to implement a compliant OAuth system. Even PCI doesn't
> > > require 1.2.
> > >
> > > Rob
> > > _______________________________________________
> > > OAuth mailing list
> > > [email protected]
> > > https://www.ietf.org/mailman/listinfo/oauth
