Hi Warren, thanks for the review. Comment inline.
On 7/12/22 6:07 PM, Warren Kumari via Datatracker wrote:
> Warren Kumari has entered the following ballot position for
> draft-ietf-uta-rfc7525bis-09: Yes
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-uta-rfc7525bis/
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> I suspect that I'm being dumb, but I cannot quite reconcile:
> * Implementations MUST NOT negotiate SSL version 3.
> * Implementations MUST NOT negotiate TLS version 1.0 [RFC2246].
> * Implementations MUST NOT negotiate TLS version 1.1 [RFC4346].
> with:
> * Implementations MUST support TLS 1.2 [RFC5246] and **MUST prefer to negotiate
> TLS version 1.2 over earlier versions of TLS** (emphasis added).
>
> I don't understand the last part

This might be text from Section 3.1.1 of RFC 7525 that we neglected to
update; the "must prefer" phrasing made sense then but not now.
Peter