Sam Hartman wrote:
My preference is to resolve this by making 2818 normative; I believe
we've already 3967'd 2818 so we don't need an additional last call on
this one.
Is RFC 2818 sufficient to ensure interoperability? It would be quite
easy for two implementations to claim to implement "TLS" and fail to
interoperate. RFC 4346 contains mandatory cipher suites. Without those,
conformant implementations could fail during authentication setup,
right? The same danger would exist if the draft claimed "HTTP
Authentication" must be supported without specifying a scheme.
- Rob
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf