On Sun, Oct 6, 2019 at 11:42 PM Benjamin Kaduk <ka...@mit.edu> wrote:
> > Shouldn't there be an informative reference?
>
> I think that's largely a question for the sponsoring AD (CC'd) and the RFC
> Editor.

Well, I hope we can all agree that the document refers to an RFC without a citation in the references section.

> My assumption (I was not following the work) is that it was a well-known
> fact among implementors at the time that some large implementations only
> implemented DTLS 1.0. Accordingly, "might encounter interoperability
> issues" is a bland uncontroversial fact, in that context.

That was definitely the case in November 2018, when the text was added:

https://tools.ietf.org/rfcdiff?difftype=--hwdiff&url2=draft-ietf-rtcweb-security-arch-17.txt

Chrome tried and failed to remove DTLS 1.0 in April 2019:

https://bugs.chromium.org/p/webrtc/issues/detail?id=10261#c38

But now all major browsers are removing TLS 1.0 and 1.1 support in January of 2020:

https://groups.google.com/forum/#!searchin/discuss-webrtc/dtls$201.0%7Csort:date/discuss-webrtc/Dsq_14_WoUk/U2vFXSYlCgAJ
https://security.googleblog.com/2018/10/modernizing-transport-security.html

So, it seems like endpoints that don't support DTLS 1.2 will soon be the ones "encountering interoperability issues".

Not sure whether a change to draft-ietf-rtcweb-security-arch or an update in draft-ietf-tls-oldversions-deprecate is better.

thanks,
Rob