On Wed, Jul 13, 2022 at 11:53 AM Rob Sayre <sayrer@xxxxxxxxx> wrote:
On Wed, Jul 13, 2022 at 11:28 AM Peter Saint-Andre <stpeter@xxxxxxxxxx> wrote:I think the bullet point section, "SSL/TLS Protocol Versions", fails to convey the requirements here (I can't even tell what they are).The section also says"Even if a TLS implementation defaults to TLS 1.3, as long as it supports TLS 1.2 it MUST follow all the recommendations in this document."That seems to suggest that the section should be reorganized to document what must be done if supporting TLS 1.2, and also highlight that it is optional.
Also, in the realm of opinion rather than correctness: mandating TLS 1.2 support is misguided. Every TLS implementation maintains divided codebases for 1.2 vs 1.3. No one reads the TLS 1.2 code very closely these days, in my experience, so the BCP would be mandating support for something people don't really work on anymore.
I think it would be fine to note that some implementations might not be able to use TLS 1.3. That is something people should know.
thanks,
Rob
-- last-call mailing list last-call@xxxxxxxx https://www.ietf.org/mailman/listinfo/last-call
