On Feb 17, 2015, at 3:53 PM, Peter Saint-Andre - &yet <pe...@andyet.net> wrote:
>>> The text above also slightly skirts the case where an existing >>> protocol is being updated for some other reason besides modernizing >>> its TLS/DTLS usage. So if the Foo protocol required support for weaker >>> ciphers than what the BCP requires/recommends, and someone writes >>> Foobis for the purpose of making non-TLS-related updates, do we expect >>> Foobis to conform to the BCP? Or continue to require support for >>> weaker ciphers for interoperability purposes? Or both? Or leave it up >>> to the consensus at the time of Foobis publication? Would be good to >>> clarify that case further I think. >>> >> >> In fact I think the text addresses exactly this case, by making the >> update conditional on "the community... wishing to modernize [the >> protocol's] usage of TLS". In other words, what works for one community >> may not work for another, e.g. for reasons of interoperability. > > I agree with Yaron here. One example that came up during WG discussion of > this document was certain IoT protocols, since the relevant devices might not > have support for all of the necessary algorithms. Instead of building in an > explicit carve-out for those protocols, we felt it was better for those > communities to decide how they wanted to proceed. Ok, fair enough. I would personally find it a little better to make that more explicit in the document, but will not quibble over it. Thanks, Alissa > > Peter > > -- > Peter Saint-Andre > https://andyet.com/ > _______________________________________________ Uta mailing list Uta@ietf.org https://www.ietf.org/mailman/listinfo/uta
