Salz, Rich <rs...@akamai.com> writes:

>> An actual profile of TLS would be something like MUST TLS 1.1 or above,
>> MUST PFS suites, MUST AES and SHA256, MUST E-then-M (and by implication
>> what isn't explicitly permitted is denied).
>
>HTTP-2 did this kind of thing, and IIRC are the first to do so.

Some PKI standards have done it too, but mostly because the base standard was such a mess that you needed a profile just to sort out what needed to be implemented for anything to work (for some level of "work"). They're such a design counterexample that I didn't want to mention them in my original message :-).

Peter.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls