On 3/14/07, EKR <ekr@xxxxxxxxxxxxxxxxxxxx> wrote:
Julian Reschke <julian.reschke@xxxxxx> writes: > > As pointed out before, that text really is confusing. As a reader. I'm > left wondering whether I need to implement RFC2246 or RFC4346. Or both? I wish I knew the answer to this question as well... :) Seriously, we're shortly going three separate versions of TLS standardized, 1.0, 1.1, and 1.2, plus SSLv3. So, the question of what to require implementors to do is a tricky one that actually doesn't have that much to do with TLS :)
Here's a diff of the changes since last call: <http://bitworking.org/projects/atom/draft-ietf-atompub-protocol-15-from-14.diff.html> It's not clear whether there will be another last call, though I think there should be. So, I will leave my comments again. I didn't see any working group comments on the topic. I think the substituted text is inadequate, because it is not clear which TLS version implementors MUST support. As I understand it, the fact that it is "tricky", implying there may be trade-offs, is not sufficient to avoid specifying a single, mandatory-to-implement TLS version. -- Robert Sayre _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf