I disagree here as those other implementations just need to make their own business risk decisions and put in place an exception process. One option in the risk decision process is to accept risk, you can also mitigate, eliminate, or transfer the risk.
Best regards, Kathleen Sent from my mobile device > On Dec 1, 2020, at 7:57 AM, Keith Moore <mo...@network-heretics.com> wrote: > > On 12/1/20 4:29 AM, Peter Gutmann wrote: > >> I think all it needs is something along the lines of "This BCP applies to TLS >> as used on the public Internet [Not part of the text but meaning the area >> that >> the IETF creates standards for]. > > Not specifically relevant to this draft, but: Is it actually defined > anywhere that IETF standards only apply to the public Internet? IMO IETF > needs to realize that implementations of its standards are used outside of > the public Internet and consider that when writing its documents. (even > though different rules may be appropriate on private and mostly-isolated > networks) > > Keith > > p.s. I keep thinking that this "MUST NOT TLS < 1.2" recommendation is like a > public health recommendation, one that is worded over-simply to try to make > it have maximum useful effect but perhaps to the point of being misleading or > even harmful. e.g. "You MUST wear masks to reduce the spread of COVID-19", > but not saying "oh yeah, if you're outdoors and not around other people > you're probably fine without a mask" and "masks are pointless if you only > wear them over your mouths or chins", and "the masks that have valves in them > to allow exhaled breath to exit unimpeded are also useless for this purpose" > and "you need to wear them when indoors and around co-workers, not merely > when customers or visitors are present". At least where I live I see so many > people using masks in ineffective ways that I don't think the simple > recommendation is working, though I'm not sure that a more detailed > recommendation would work better. > > _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
