On 7/13/22 1:18 PM, Rob Sayre wrote:
On Wed, Jul 13, 2022 at 11:53 AM Rob Sayre <[email protected]
<mailto:[email protected]>> wrote:
On Wed, Jul 13, 2022 at 11:28 AM Peter Saint-Andre
<[email protected] <mailto:[email protected]>> wrote:
I think the bullet point section, "SSL/TLS Protocol Versions",
fails to convey the requirements here (I can't even tell what they
are).
The section also says
"Even if a TLS implementation defaults to TLS 1.3, as long as it
supports TLS 1.2 it MUST follow all the recommendations in this
document."
That seems to suggest that the section should be reorganized to
document what must be done if supporting TLS 1.2, and also highlight
that it is optional.
Also, in the realm of opinion rather than correctness: mandating TLS 1.2
support is misguided. Every TLS implementation maintains divided
codebases for 1.2 vs 1.3. No one reads the TLS 1.2 code very closely
these days, in my experience, so the BCP would be mandating support for
something people don't really work on anymore.
Are you suggesting that the best current practice for implementations
and deployments of TLS is to support and negotiate only TLS 1.3? The
sense of the UTA WG was it's premature to say that currently, although
presumably we'll be ready to say that in 7525ter...
Peter
_______________________________________________
Uta mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/uta
