On 7/13/22 3:00 PM, Salz, Rich wrote:
* It is definitely the "BCP" already--there are good reasons not to
support TLS 1.2 on a server, and good reasons for clients not to
connect to a server that negotiates it.
What are they?
Good question.
This document has been through two WGLCs and IETF Last Call, and is now
in IESG review. It seems somewhat late in the process to be making a
controversial change like deprecating TLS 1.2 *in this document* given
that as far as I can see there is no IETF consensus to do so (e.g., such
a consensus could be established by publishing an RFC that declares TLS
1.2 to be obsolete, as RFC 8996 did for TLS 1.0 and TLS 1.1). IMHO we
could take this step whenever we publish rfc7525ter (the document that
obsoletes draft-ietf-uta-rfc7525bis, whenever that happens).
Peter