Sam Hartman wrote:
My preference is to resolve this by making 2818 normative; I believe we've already 3967'd 2818 so we don't need an additional last call on this one.
Is RFC 2818 sufficient to ensure interoperability? It would be quite easy for two implementations to claim to implement "TLS" and fail to interoperate. RFC 4346 contains mandatory cipher suites. Without those, conformant implementations could fail during authentication setup, right? The same danger would exist if the draft claimed "HTTP Authentication" must be supported without specifying a scheme.
- Rob _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf