Just to clarify, I have no objection to the original text by Peter. Cheers, Orit.
> -----Original Message----- > From: Leif Johansson [mailto:le...@sunet.se] > Sent: Wednesday, February 18, 2015 11:19 AM > To: Peter Saint-Andre - &yet > Cc: Pete Resnick; Ralph Holz; uta-cha...@ietf.org; uta@ietf.org; Alissa > Cooper; > Orit Levin (LCA); Yaron Sheffer; draft-ietf-uta-tls-bcp....@ietf.org; IESG > Subject: Re: [Uta] Alissa Cooper's Discuss on draft-ietf-uta-tls-bcp-09: (with > DISCUSS and COMMENT) > > > > > > > 18 feb 2015 kl. 20:16 skrev Peter Saint-Andre - &yet <pe...@andyet.net>: > > > >> On 2/18/15 11:53 AM, Pete Resnick wrote: > >>> On 2/18/15 5:07 AM, Leif Johansson wrote: > >>> The idea of making best practice sorta-kinda normative makes me a bit > >>> queasy. > >> > >> Let's not forget that a BCP *is* a community consensus document. It > >> means that the IETF community has decided that we do things a particular > >> way. A BCP *is* normative. > >> > >> I think it's quite reasonable for the document to say, "MUST NOT > >> negotiate SSLv2" because doing otherwise causes harm to implementations > >> and to the net in general. There are no Internet police. If you violate > >> that MUST NOT, you don't go to jail. We're simply saying that they way > >> to do security properly on the Internet is that you MUST NOT use SSLv2 _______________________________________________ Uta mailing list Uta@ietf.org https://www.ietf.org/mailman/listinfo/uta
