Re: [Last-Call] Secdir telechat review of draft-ietf-uta-rfc7525bis-09


 



On 7/13/22 1:18 PM, Rob Sayre wrote:
On Wed, Jul 13, 2022 at 11:53 AM Rob Sayre <sayrer@xxxxxxxxx> wrote:

    On Wed, Jul 13, 2022 at 11:28 AM Peter Saint-Andre
    <stpeter@xxxxxxxxxx> wrote:

    I think the bullet point section, "SSL/TLS Protocol Versions",
      fails to convey the requirements here (I can't even tell what they
    are).

    The section also says

    "Even if a TLS implementation defaults to TLS 1.3, as long as it
    supports TLS 1.2 it MUST follow all the recommendations in this
    document."

    That seems to suggest that the section should be reorganized to
    document what must be done if supporting TLS 1.2, and also highlight
    that it is optional.


Also, in the realm of opinion rather than correctness: mandating TLS 1.2 support is misguided. Every TLS implementation maintains divided codebases for 1.2 vs 1.3. No one reads the TLS 1.2 code very closely these days, in my experience, so the BCP would be mandating support for something people don't really work on anymore.

Are you suggesting that the best current practice for implementations and deployments of TLS is to support and negotiate only TLS 1.3? The sense of the UTA WG was it's premature to say that currently, although presumably we'll be ready to say that in 7525ter...

Peter
