On Fri, May 3, 2019 at 8:31 PM Peter Gutmann <pgut...@cs.auckland.ac.nz> wrote:
> why not also add MUST NOT MD5 and SHA1 in TLS 1.2 to the text?

Because the document now has such a direct and ambitious title that ~most of the target audience won't even read the text beyond the title, hence this message won't be delivered.

This is exactly the trick (but with exactly the opposite sign) PCI SSC performed three years ago when they published the document called "Migrating from SSL and Early TLS, version 1.1" and the general public widely believed that the document deprecated TLS 1.1 while what it literally meant under "Early TLS" was ultimately TLS 1.0. Only the *document version* was 1.1, but it was enough for quite a lot of people who sometimes didn't even read the document at all but rather stuck to short summaries by Ars Technica, The Register and the like (who, in turn, quite frequently don't read documents carefully themselves).

Might play well though if the title is changed.

--
Töma
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls