Re: Updating the rules?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Russ Housley wrote:
That is not the way the document arrived to the IESG.  It said:

   The type of authentication deployed is a local decision made by the
   server operator.  Clients are likely to face authentication schemes
   that vary across server deployments.  At a minimum, client and server
   implementations MUST be capable of being configured to use HTTP Basic
   Authentication [RFC2617] in conjunction with a TLS [RFC2246]
   connection as defined in [RFC2818] (but note that [RFC2246] has been
   superseded by [RFC4346]).  See [RFC4346] for more information on TLS.

The normative reference cites TLS 1.0, making it the only version that is permitted.

Russ

Yes, and that problem was known when it was submitted (together with confusing statement about RFC4346 which follows in the next sentence).

Originally the WG didn't want to put it any MTI requirement at all. As far as I can recall, we ended up with the text that was submitted because we were told that "this is what you need to do to get IESG approval".

The changes made in the latest draft clearly are an improvement over the text that was submitted, and hopefully the spec can now proceed.

Best regards and sorry for the confusion,

Julian

_______________________________________________

Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]