On Wed, Nov 22, 2023 at 2:07 PM Russ Housley <housley@xxxxxxxxxxxx> wrote:
Rob:You are right. I forgot about a discussion we had in the NETCONF WG. They do not want to be evolutionary. They decided to continue to require TLS 1.2 for now, but allow TLS 1.3. In the future, an activity (often called nextconf) will shift the MUST to TLS 1.3.
OK, but here we can see that the draft sort of conflicts with RFC 9325. This would seem to be a protocol where you really can require TLS 1.3, if it makes sense. I don't have any objection to describing the TLS 1.2 requirements, but requiring TLS 1.2 itself seems kind of weird. So, I think falling back on the (IETF consensus) RFC 9325 framing would be good.
thanks,
Rob
-- last-call mailing list last-call@xxxxxxxx https://www.ietf.org/mailman/listinfo/last-call
