Hi Alexey
On 2020-02-17 at 14:10, Alexey Melnikov wrote:
Hi Martin,
On 17/02/2020 13:06, Martin Vigoureux via Datatracker wrote:
----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------
Hi
In the updates it proposes, this document seems to still allow for the
use/support of 1.0 and 1.1 but draft-ietf-tls-oldversions-deprecate-06
says MUST NOT use for these.
I'm surely missing something obvious or I'm simply incorrectly
interpreting the text, but shedding light on this would be greatly
appreciated.
RFC 8314 (the document being updated) already disallows TLS 1.0 and this
document disallows TLS 1.1.
Indeed, but my question is with regard to those sentences:
"However, an MSP may find it necessary to
make exceptions to accommodate some legacy systems that support only
earlier versions of TLS or only cleartext."
"Earlier TLS and SSL versions MAY also be supported"
As said maybe I'm reading them incorrectly, but they seem in
contradiction with the intention of the draft itself (i.e., disallow
1.1) and with draft-ietf-tls-oldversions-deprecate-06 (which is
normatively referenced) which says MUST NOT use 1.1.
best regards,
martin
Best Regards,
Alexey
_______________________________________________
Uta mailing list
Uta@ietf.org
https://www.ietf.org/mailman/listinfo/uta