Hi Stephen,
>> That's why I suggest draft-ietf-tls-oldversions-deprecate does not
>> update RFC 4642.  It is no longer useful.
>> Are you OK with this analysis?
>
> Sorta:-) I think these are overlapping but not quite
> identical updates. E.g. IIUC 8143 doesn't say to not
> use TLSv1.1. I added the sentence below to the editor's
> copy [1], but happy to do something else if I'm wrong,
> which is entirely possible;-)

RFC 8143 (updating RFC 4642) states in Section 3:

   The best current practices documented in [BCP195] apply here.
   Therefore, NNTP implementations and deployments compliant with this
   document are REQUIRED to comply with [BCP195] as well.

And RFC 7525 (belonging to BCP 195) states in Section 3.1.1:

   o  Implementations SHOULD NOT negotiate TLS version 1.1
[...]
   o  Implementations MUST support TLS 1.2 [RFC5246] and MUST prefer to
      negotiate TLS version 1.2 over earlier versions of TLS.

That's why I thought RFC 8143 was already requiring not to use TLS 1.1.



Incidentally, in the Abstract of draft-ietf-tls-oldversions-deprecate, it is said that this document updates RFC 7525, but RFC 7525 does not appear in the Updates list. Shouldn't it be added?

--
Julien ÉLIE

"Laughter is a serious thing with which one must not
  jest." (Raymond Devos)

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
