On Thu, Apr 10, 2025 at 6:59 AM Michael Richardson <mcr+i...@sandelman.ca> wrote:

> Peter Gutmann <pgut...@cs.auckland.ac.nz> wrote:
> >> Or, you can write new application level code, but the base embedded system,
> >> which contains TLS as part of the SDK, can not be upgraded without a new
> >> review.
>
> > That's what I usually run into. A tweak in the application-level code isn't a
> > big deal, but adding an entire second protocol stack for TLS 1.3 is. There
> > are also situations where you've barely got room for one TLS stack, so being
> > required to have both TLS 1.2 and 1.3 is a non-starter.
>
> So, on the non-constrained system, we need to tell them to do 1.3 (and newer)
> so that there is an update path, but also to do 1.2.
>
> Further, the more documents which people wind up not complying to, then it
> becomes increasing to get them to pay any attention to any of the criteria.
>
> And DTLS 1.3 is not ubiquitous.

This document already distinguishes DTLS 1.3 from TLS 1.3 for this precise reason.

-Ekr

> This started with an AD telling us that we need to reflect
> uta-require-tls1.3 in our document, but really, we do as good a job as we can.
>
> --
> Michael Richardson <mcr+i...@sandelman.ca> . o O ( IPv6 IøT consulting )
> Sandelman Software Works Inc, Ottawa and Worldwide