Since there is so much agreement and peace in the air, I would through
a little editorial query:
Would it not be better to say "the appropriate version" instead of this
somewaht lawyerish "version (or versions)"?
Igor
On 1/20/2012 3:44 PM, Barry Leiba wrote:
Added to section 1:
TLS Version
Whenever TLS is required by this specification, the appropriate
version (or versions) of
TLS will vary over time, based on the widespread deployment and known
security
vulnerabilities. At the time of this writing, TLS version 1.2<xref
target='RFC5246' />
is the most recent version, but has a very limited deployment base
and might not be
readily available for implementation. TLS version 1.0<xref
target='RFC2246' /> is the
most widely deployed version, and will provide the broadest
interoperability.
Implementations MAY also support additional transport-layer
mechanisms that meet their
security requirements.
And referenced this section when TLS requirements were previously defined.
That seems like a very sensible way to organize it; thanks.
Barry
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
