Re: [Last-Call] Secdir telechat review of draft-ietf-uta-rfc7525bis-09


On Wed, Jul 13, 2022 at 11:28 AM Peter Saint-Andre <stpeter@xxxxxxxxxx> wrote:
>
> It's very disappointing to me to see that we label a TLS 1.3-only
> implementation as non-compliant with the BCP for TLS usage; such an
> implementation is more secure than a joint 1.2+1.3 implementation.
> That said, I assume that the WG discussed this topic extensively and
> it seems somewhat unlikely that I have any new contributions to that
> discussion.

Even the authors are sometimes disappointed by what ends up in a BCP - I
know I felt that way about both RFC 6125 (wildcard certs!) and RFC 7525.

Personally I would be comfortable with changing TLS 1.3 from SHOULD
support to MUST support, but we'd need to see what the WG thinks.

I think the bullet point section, "SSL/TLS Protocol Versions", fails to convey the requirements here (I can't even tell what they are).

The section also says

"Even if a TLS implementation defaults to TLS 1.3, as long as it supports TLS 1.2 it MUST follow all the recommendations in this document."

That seems to suggest that the section should be reorganized to document what must be done if supporting TLS 1.2, and also highlight that it is optional.

thanks,
Rob

-- 
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call
