That is not the way the document arrived to the IESG. It said:
The type of authentication deployed is a local decision made by the
server operator. Clients are likely to face authentication schemes
that vary across server deployments. At a minimum, client and server
implementations MUST be capable of being configured to use HTTP Basic
Authentication [RFC2617] in conjunction with a TLS [RFC2246]
connection as defined in [RFC2818] (but note that [RFC2246] has been
superseded by [RFC4346]). See [RFC4346] for more information on TLS.
The normative reference cites TLS 1.0, making it the only version
that is permitted.
Russ
At 02:33 PM 7/13/2007, Julian Reschke wrote:
Russ Housley wrote:
No one had any concern with the version of TLS that was selected by
the working group. However, there were two things that cause me to
want a change. I'll let others provide their own point of view.
...
I'll have to point out that the preference of the working group IMHO
was not to say anything at all with respect to this. As far as I
recall, the text that ended up in the draft that was submitted to
the IESG actually was proposed by the AD, and the WG just decided not to care.
Best regards, Julian
_______________________________________________
Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf