On 10/25/17 3:57 PM, Viktor Dukhovni wrote:
>
> The middle paragraph leaves room for setting a somewhat higher floor
> for authenticated channels, and it would not be entirely inappropriate
> for STS to provide some guidance to server operations of the required
> minimum security. Thus perhaps servers must support at least TLS 1.2,
> and at least the associated MTI ciphersuites. Which is different from
> requiring that clients or servers reject weaker options, but given such
> a server requirement, it would not be too unreasonable for STS clients
> to in fact require at least TLS 1.2 and its MTI ciphersuites from STS
> servers.

This is all good guidance, and it's all advisory (and in an informational RFC, as well). What I was concerned about was the MUST NOT you had included in your previous message.