On Thu, Nov 23, 2023 at 1:32 AM Rob Wilton (rwilton) <rwilton@xxxxxxxxx> wrote:
> If we create a new version of NETCONF over the next few years, which is seeming a bit more likely, then mandating TLS 1.3 (or later) for that new version makes more sense to me since other development and changes will be happening at the same time and so it seems like a natural time to update to the latest security as well.
Hi,
I think it's just a matter of allowing a transition to TLS 1.3-only to begin now. I definitely agree that most implementations will continue to support TLS 1.2, so I'm not sure what the MUST for TLS 1.2 really does here. It sounds like the WG wants to wait another 5 years or so for that transition, by which time TLS 1.2 will be 20 years old. If that's the case, ok, but that seems really slow to me.
thanks,
Rob