Salz, Rich <[email protected]> wrote: > * How does a client know if there were deployment considerations on the > server?
> In many cases, the client and server software are written by the same
> company.
If it was the case that's there only one vendor, then we wouldn't need a
standard at all, would we?
And, if TLS 1.2 is always off until someone turns it on in a configuration
file, then there is no interoperability.
> This is of course NOT the case when the application is a Web
> application.
What's a Web Application?
Is that only when there is a browser involved, or does it include httpapi
situations?
mcr> * If we know (at protocol development time) that there are deployment
mcr> considerations, what are we supposed to write?
> If you think it’s temporary, go with the MUST 1.3. If you think it is
> endemic go with MUST 1.3+MAY 1.2
I'm all for telling everyone to do TLS 1.3.
I do not think this document is helpful.
I think it might be actually harmful.
--
Michael Richardson <[email protected]> . o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
signature.asc
Description: PGP signature
_______________________________________________ Uta mailing list -- [email protected] To unsubscribe send an email to [email protected]
