Re: Updating the rules?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



That is not the way the document arrived to the IESG.  It said:

   The type of authentication deployed is a local decision made by the
   server operator.  Clients are likely to face authentication schemes
   that vary across server deployments.  At a minimum, client and server
   implementations MUST be capable of being configured to use HTTP Basic
   Authentication [RFC2617] in conjunction with a TLS [RFC2246]
   connection as defined in [RFC2818] (but note that [RFC2246] has been
   superseded by [RFC4346]).  See [RFC4346] for more information on TLS.

The normative reference cites TLS 1.0, making it the only version that is permitted.

Russ


At 02:33 PM 7/13/2007, Julian Reschke wrote:
Russ Housley wrote:
No one had any concern with the version of TLS that was selected by the working group. However, there were two things that cause me to want a change. I'll let others provide their own point of view.
...

I'll have to point out that the preference of the working group IMHO was not to say anything at all with respect to this. As far as I recall, the text that ended up in the draft that was submitted to the IESG actually was proposed by the AD, and the WG just decided not to care.

Best regards, Julian



_______________________________________________

Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]