On Sun, Apr 17, 2016 at 08:45:06PM -0700, Jim Fenton wrote:

> I'm a little confused by the language in section 9.1 "All [client and
> server] implementations MUST be configurable to support implicit TLS
> using the TLS 1.2 protocol or later." So why not insist on TLS 1.2 all
> the time? There must be a deployment corner case that I'm not considering.
>
> But, as you noted in section 6, the choice of TLS version isn't the only
> thing that needs to be considered. Why does TLS version rise to the
> level of importance of creating a directive, but cipher suite doesn't?

I agree that it may make more sense to set protocol floors in TLS
libraries and "die die die" RFCs that obsolete old protocol versions
than to do so via DEEP application latches. The TLS protocol version
latches are likely too much work for too little gain.

--
Viktor.

_______________________________________________
Uta mailing list
Uta@ietf.org
https://www.ietf.org/mailman/listinfo/uta