> On 12. 4. 2012, at 9:11, SM wrote:
> > At 18:41 11-04-2012, The IESG wrote:
> >> The IESG has received a request from the DNS-based Authentication of
> >> Named Entities WG (dane) to consider the following document:
> >> - 'The DNS-Based Authentication of Named Entities (DANE) Protocol for
> >> Transport Layer Security (TLS)'
> >> <draft-ietf-dane-protocol-19.txt> as a Proposed Standard
> >>
> >> The IESG plans to make a decision in the next few weeks, and solicits
> >> final comments on this action. Please send substantive comments to the
> >> ietf@xxxxxxxx mailing lists by 2012-04-25. Exceptionally, comments may be
> >
> > In Section 1.2:
> >
> > "This document applies to both TLS [RFC5246]"
> >
> > Does this mean that DANE is not applicable for TLS 1.1?

> RFC4346 (TLS 1.1) has been obsoleted by RFC5246. We cannot make references
> to obsoleted documents. As a side note, we don't say "to both TLS 1.2", but
> just TLS.

I have no involvement with DANE or the rest of this debate, but I wanted to point out that this simply isn't true. IDNits warnings to the contrary notwithstanding, references to obsoleted specifications are not only allowed, but in some cases absolutely required. It all depends on what the reference is for.

If you're making a normative reference to some protocol element that's supposed to interoperate with current versions, you need to reference the latest version. If, however, as in this case, you're talking about interoperating with multiple versions of TLS, you really need to reference the specifications you intend to support. Because otherwise readers are going to assume that you only mean TLS 1.2 here, irrespective of whether or not you omit the specific version in prose.

Ned