On 12/1/20 4:29 AM, Peter Gutmann wrote:
I think all it needs is something along the lines of "This BCP applies to TLS
as used on the public Internet [Not part of the text but meaning the area that
the IETF creates standards for].
Not specifically relevant to this draft, but: Is it actually defined
anywhere that IETF standards only apply to the public Internet? IMO
IETF needs to realize that implementations of its standards are used
outside of the public Internet and consider that when writing its
documents. (even though different rules may be appropriate on private
and mostly-isolated networks)
Keith
p.s. I keep thinking that this "MUST NOT TLS < 1.2" recommendation is
like a public health recommendation, one that is worded over-simply to
try to make it have maximum useful effect but perhaps to the point of
being misleading or even harmful. e.g. "You MUST wear masks to reduce
the spread of COVID-19", but not saying "oh yeah, if you're outdoors and
not around other people you're probably fine without a mask" and "masks
are pointless if you only wear them over your mouths or chins", and "the
masks that have valves in them to allow exhaled breath to exit unimpeded
are also useless for this purpose" and "you need to wear them when
indoors and around co-workers, not merely when customers or visitors are
present". At least where I live I see so many people using masks in
ineffective ways that I don't think the simple recommendation is
working, though I'm not sure that a more detailed recommendation would
work better.
--
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call
