Rob _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
The latest draft shows TLS 1.2 as a MUST (sections 3.1 and 3.2). Based
on a thread about this from last year I was under the impression that it
was going to be relaxed to a SHOULD with most likely TLS 1.0 (or
posssibly SSLv3) as a MUST. I think it's a bit unrealistic to require
1.2 when many systems out there can't support it. IMO this is going to
be a big stumbling block for people to implement a compliant OAuth
system. Even PCI doesn't require 1.2.
- [OAUTH-WG] TLS 1.2 Rob Richards
- Re: [OAUTH-WG] TLS 1.2 Rob Richards
- Re: [OAUTH-WG] TLS 1.2 Justin Richer
- Re: [OAUTH-WG] TLS 1.2 Eran Hammer-Lahav
- Re: [OAUTH-WG] TLS 1.2 Peter Saint-Andre
- Re: [OAUTH-WG] TLS 1.2 Phillip Hunt
- Re: [OAUTH-WG] TLS 1.2 Rob Richards
- Re: [OAUTH-WG] TLS 1.2 Eran Hammer-Lahav
- Re: [OAUTH-WG] TLS 1.2 Rob Richards
- Re: [OAUTH-WG] TLS 1.2 Lu, Hui-Lan (Huilan)
