Yaron Sheffer <yaronf.i...@gmail.com> writes:

>Specifically, RFC 9325 [1] published a mere two years ago is not even
>referenced in the draft, let alone a comparison made with these deployment
>recommendations that were made by the very same IETF. (Yes you can hear my
>frustration coming through).

In defence of the -LTS draft, RFC 9325 postdates it by six years, so there
wasn't anything to reference at the time.  I'm also not certain how much
overlap there is between the two, for example 9325 contains quite a lot of
stuff (older TLS versions, compression, DTLS, fallback, RC4, NULL cipher
suites, RSA key transport, etc) that has no bearing on what's in -LTS which
means it could cause confusion if someone tries to apply it to things that
mostly don't exist in -LTS.

Having said that, now that my attention has been drawn to it :-), I'd be happy
to include a note along the lines of "further advice on secure use of TLS may
be found in RFC 9325", it would certainly fit in with what -LTS is trying to
achieve.

Peter.
_______________________________________________
TLS mailing list -- tls@ietf.org
To unsubscribe send an email to tls-le...@ietf.org
