On Fri, May 1, 2020 at 10:47 AM <ned+...@mrochek.com> wrote: > > IMO RFC7525 and this new draft both suffer from dubious assumptions and > > make poor recommendations because of those assumptions. In particular, > > there are many cases for which using an old version of TLS is suboptimal > > and it shouldn't be considered as secure, but it may still be better > > than deprecating old versions of TLS that might be the only ones > > supported by the peer. > > Whether or not to ban SSL v2 and v3 is a tough call, but not for the > reasons > given in RFC 7525. >
Fortunately this decision is not before us. The IETF banned SSLv2 back in 2011 and SSLv3 in 2016. -Ekr
_______________________________________________ Uta mailing list Uta@ietf.org https://www.ietf.org/mailman/listinfo/uta
