Re: TLS requirements (Last Call: draft-ietf-atompub-protocol to Proposed Standard)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 





On Sunday, May 20, 2007 01:41:29 PM -0700 Eric Rescorla <ekr@xxxxxxxxxxxxxxxxxxxx> wrote:

I agree that these specs should explicitly specify which TLS version
to support. As a practical matter, this is either 1.0 or 1.1, since
1.2 is not yet finished. Unfortunately, which one to require isn't
really something that can be decided on technical grounds: the
protocols are very slightly different and (at least in theory)
backward compatible. TLS 1.1 is slightly more secure and TLS 1.0 is
quite a bit more widely deployed.

On balance, I think this probably turns into a MUST for 1.0 and a
SHOULD for 1.1, but I could certainly see this argued another way.


It seems to me that specs should _not_ explicitly specify which TLS version to support, and should instead refer to an STD number. Applications don't generally specify which verisons of IP or TCP to use, and TLS is at a similar level of abstraction -- except that the situation is not as painful, because using a different version of IP means you have to use completely different names, whereas using a different version of TLS does not.

-- Jeff

_______________________________________________

Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]