On Wed, Jul 13, 2022 at 11:53 AM Rob Sayre <[email protected]> wrote:

> On Wed, Jul 13, 2022 at 11:28 AM Peter Saint-Andre <[email protected]>
> wrote:
>
> I think the bullet point section, "SSL/TLS Protocol Versions", fails to
> convey the requirements here (I can't even tell what they are).
>
> The section also says
>
> "Even if a TLS implementation defaults to TLS 1.3, as long as it supports
> TLS 1.2 it MUST follow all the recommendations in this document."
>
> That seems to suggest that the section should be reorganized to document
> what must be done if supporting TLS 1.2, and also highlight that it is
> optional.
>

Also, in the realm of opinion rather than correctness: mandating TLS 1.2
support is misguided. Every TLS implementation maintains divided codebases
for 1.2 vs 1.3. No one reads the TLS 1.2 code very closely these days, in
my experience, so the BCP would be mandating support for something people
don't really work on anymore.

I think it would be fine to note that some implementations might not be
able to use TLS 1.3. That is something people should know.

thanks,
Rob
_______________________________________________
Uta mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/uta
