Peter St. Andre wrote: > For example, based on knowledge about the deployed > base for an existing application protocol and a cost-benefit analysis > regarding cryptographic strength vs. computational load, a given > service provider might decide to disable TLS 1.2 entirely and offer > only TLS 1.3.
I'm sorry I'm being a pest about this issue. I agree with the text you have here, and support adding it, but why can't implementations make the same choice and not implement 1.2? If we use TLS 1.3-only Fizz[0] as an example, would this document imply it is not following Best Current Practice? If that's the case, can the document state the reason for the "MUST support TLS 1.2"? I believe there's a missing explanation there. thanks, Rob [0] https://github.com/facebookincubator/fizz (I have nothing to do with it, so I'm not advocating for it specifically, although I think it's pretty good)
_______________________________________________ Uta mailing list [email protected] https://www.ietf.org/mailman/listinfo/uta
