Eric Rescorla wrote:
I agree that these specs should explicitly specify which TLS version
to support. As a practical matter, this is either 1.0 or 1.1, since
1.2 is not yet finished. Unfortunately, which one to require isn't
really something that can be decided on technical grounds: the
protocols are very slightly different and (at least in theory)
backward compatible. TLS 1.1 is slightly more secure and TLS 1.0 is
quite a bit more widely deployed.
On balance, I think this probably turns into a MUST for 1.0 and a
SHOULD for 1.1, but I could certainly see this argued another way.
I noticed that atompub is on next Thursday's IESG agenda. Any news on
how this issue will be resolved?
Best regards, Julian
_______________________________________________
Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf