Warren Kumari has entered the following ballot position for draft-ietf-uta-rfc7525bis-09: Yes
When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ for more information about how to handle DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-uta-rfc7525bis/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- I suspect that I'm being dumb, but I cannot quite reconcile: * Implementations MUST NOT negotiate SSL version 3. * Implementations MUST NOT negotiate TLS version 1.0 [RFC2246]. * Implementations MUST NOT negotiate TLS version 1.1 [RFC4346]. with: * Implementations MUST support TLS 1.2 [RFC5246] and **MUST prefer to negotiate TLS version 1.2 over earlier versions of TLS** (emphasis added). I don't understand the last part -- it seems like this equates to: { if (version == SSL3 || version == TLS1 || version == TLS1.1 ) { abort(); } if (version >= 1.2) { do_stuff () }; } I don't understand the "if (version >= 1.2)" check -- if I MUST NOT use SSL3, TLS1.0, TLS1.1, then isn't the only thing left >= TLS 1.2? Not trying to be difficult, I really just don't understand what I'm missing... _______________________________________________ Uta mailing list Uta@ietf.org https://www.ietf.org/mailman/listinfo/uta
