Re: [Last-Call] [Uta] Secdir telechat review of draft-ietf-uta-rfc7525bis-09

On Thu, Jul 14, 2022 at 4:34 AM Thomas Fossati <Thomas.Fossati@xxxxxxx> wrote:

On Thursday, 14 July 2022 at 06:43, Rob Sayre <sayrer@xxxxxxxxx> wrote:

> Sure, mandate TLS 1.2 support. That seems like a really good idea.

 

This statement is slightly inaccurate: the document mandates support of a significantly restricted profile of (D)TLS 1.2 -- likely the same thing that Martin Thomson alluded to in another email when talking about the "good protocol hidden in there".


Right. Some believe that TLS 1.2 (2008) can be made acceptable with several restrictions. One recent effort is from December 2021 (RFC 9155).

My point is that it should not be mandated in this new draft (revising a 2015 recommendation), but everything in the draft covering 1.2 is worth documenting. I believe I made a very reasonable suggestion here: cover the maximal-compatibility concerns for 1.2, but recommend 1.3 and don't require 1.2.

Further, the TLS WG doesn't tend to add new features to TLS 1.2, so by requiring this older version the IETF would be mandating non-support for TLS 1.3 features.

The document will send a message either way, though. I guess that's one way of interpreting "rough consensus and running code".

thanks,
Rob



-- 
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call
