> On May 3, 2019, at 1:30 PM, Peter Gutmann <pgut...@cs.auckland.ac.nz> wrote:
>
> Having said that, given an RFC saying MUST NOT 1.0 and 1.1 which is what the
> original discussion was about, why not also add MUST NOT MD5 and SHA1 in TLS
> 1.2 to the text?
And perhaps MUST EtM, ... which starts to look a lot like "must TLS-LTS"... :-)
If we really are raising the floor, just the protocol version is ultimately only
part of the story. The whole story is TLS 1.2 minus a lot of options plus a few
requirements.
--
Viktor.
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
