On 10/26/14, 1:26 PM, Paul Hoffman wrote:
> 4.2:
>
> > o In many application protocols, clients can be configured to use
> > TLS even if the server has not advertised that TLS is mandatory or
> > even supported (e.g., this is often the case in messaging
> > protocols such as IMAP and XMPP).
>
> What is "advertised" supposed to mean here? The above is certainly not true for
> STARTTLS-style protocols. If this is meant to cover protocols that use URI
> schemes that might or might not end in "s", those are not server advertisements.
> I'm not sure how to reword this because it is too unclear.

I propose:
o In many application protocols, clients can be configured to use
TLS no matter whether the server offers TLS during a protocol
exchange or advertises support for TLS (e.g., through a flag
indicating that TLS is required). Application clients SHOULD use
TLS by default, and disable this default only through explicit
configuration by the user.
Peter
_______________________________________________
Uta mailing list
https://www.ietf.org/mailman/listinfo/uta