On 5/18/07, Robert Sayre <sayrer@xxxxxxxxx> wrote:
I think the substituted text is inadequate, because it is not clear which TLS version implementors MUST support. As I understand it, the fact that it is "tricky", implying there may be trade-offs, is not sufficient to avoid specifying a single, mandatory-to-implement TLS version.
Well Rob, I think the community at large and the IESG in particular would welcome suggestions on what to do with this one. In fact, we know what's going to happen: implementors will use the default TLS library for whatever platform they're on, and this will do the job, most times. However, I think that we have better-than-rough consensus that the specification landscape is a mess, making normative references a bitch, and that this will probably bite nearly everything in the Apps area from here on in. I hope someone with the necessary expertise will take this bull by the horns. -Tim _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf