Peter Gutmann <pgut...@cs.auckland.ac.nz> wrote:
>> Or, you can write new application level code, but the base embedded
system,
>> which contains TLS as part of the SDK, can not be upgraded without a new
>> review.
> That's what I usually run into. A tweak in the application-level code
isn't a
> big deal, but adding an entire second protocol stack for TLS 1.3 is.
There
> are also situations where you've barely got room for one TLS stack, so
being
> required to have both TLS 1.2 and 1.3 is a non-starter.
So, on the non-constrained system, we need to tell them to do 1.3 (and newer)
so that there is an update path, but also to do 1.2.
Further, the more documents which people wind up not complying to, then it
becomes increasing to get them to pay any attention to any of the criteria.
And DTLS 1.3 is not ubiquitous.
This started with an AD telling us that we need to reflect uta-require-tls1.3
in our
document, but really, we do as good a job as we can.
--
Michael Richardson <mcr+i...@sandelman.ca> . o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
signature.asc
Description: PGP signature
_______________________________________________ Uta mailing list -- uta@ietf.org To unsubscribe send an email to uta-le...@ietf.org
