It was just a minor comment. I can live with the current text. The important 
thing to change is the related sentences

“When the API allows it, clients SHOULD specify just the minimum version they 
want.  This SHOULD be TLS 1.3 or TLS 1.2, depending on the circumstances 
described in the above paragraphs.”

This must be changed to make it very clear that TLS 1.1 and lower MUST NOT be 
the minimum version. Clients MUST NOT specify a minimum version lower than TLS 
1.2 and APIs MUST NOT allow a minimum version lower than TLS 1.2.

Cheers,
John

From: Salz, Rich <[email protected]>
Date: Wednesday, 4 December 2024 at 15:26
To: John Mattsson <[email protected]>, [email protected] <[email protected]>
Subject: Re: [Uta] Re: WGLC for draft-ietf-uta-require-tls13-02
>Any new protocol that uses TLS MUST specify as its default TLS 1.3.
This does not age well if TLS 1.4 is done. I suggest changing to 1.3 or later.

We did have a short discussion in person and on-list about this. Here’s a 
message from the latter: 
https://mailarchive.ietf.org/arch/msg/uta/p7qohfJMWx9nn_IXR-3z-2EXZvc/
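
An added example, not part of the thread or the draft: one way a client-side wrapper could follow the requirement argued in the top message, setting only a minimum version and refusing any floor below TLS 1.2. It uses Python's standard `ssl` module; `FLOOR`, `make_client_context` and `audit_context` are hypothetical names chosen for this sketch.

```python
import ssl

# Lowest floor this wrapper accepts (assumption: mirrors the MUST NOT proposed above).
FLOOR = ssl.TLSVersion.TLSv1_2


def make_client_context(minimum=ssl.TLSVersion.TLSv1_3):
    """Hypothetical wrapper: the caller picks only a minimum version."""
    if not isinstance(minimum, ssl.TLSVersion):
        raise TypeError("minimum must be an ssl.TLSVersion member")
    # TLSVersion is an IntEnum; the MINIMUM_SUPPORTED / MAXIMUM_SUPPORTED
    # sentinels are negative, so this comparison rejects them as well.
    if minimum < FLOOR:
        raise ValueError(f"minimum version {minimum.name} is below {FLOOR.name}")
    ctx = ssl.create_default_context()  # certificate and hostname checks stay on
    ctx.minimum_version = minimum
    # No maximum is set, so a later protocol version can still be negotiated.
    return ctx


def audit_context(ctx):
    """Return a list of findings for a context configured elsewhere."""
    findings = []
    if ctx.minimum_version < FLOOR:
        findings.append(f"floor {ctx.minimum_version.name} is below {FLOOR.name}")
    if ctx.maximum_version != ssl.TLSVersion.MAXIMUM_SUPPORTED:
        findings.append(f"maximum pinned to {ctx.maximum_version.name}")
    return findings


if __name__ == "__main__":
    ctx = make_client_context(ssl.TLSVersion.TLSv1_2)
    print(ctx.minimum_version.name, audit_context(ctx))
    try:
        make_client_context(ssl.TLSVersion.TLSv1_1)
    except ValueError as exc:
        print("rejected:", exc)
```

Leaving the maximum unset is what keeps the configuration valid if a later TLS version is deployed, which is the aging concern raised in the quoted comment.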
