On 3/14/07, EKR <ekr(_at_)networkresonance(_dot_)com> wrote:
Julian Reschke <julian(_dot_)reschke(_at_)gmx(_dot_)de> writes:
>
> As pointed out before, that text really is confusing. As a reader. I'm
> left wondering whether I need to implement RFC2246 or RFC4346. Or both?
I wish I knew the answer to this question as well... :)
Seriously, we're shortly going three separate versions of TLS
standardized, 1.0, 1.1, and 1.2, plus SSLv3. So, the question
of what to require implementors to do is a tricky one that
actually doesn't have that much to do with TLS :)
Here's a diff of the changes since last call:
<http://bitworking.org/projects/atom/draft-ietf-atompub-protocol-15-from-14.diff.html>
It's not clear whether there will be another last call, though I think
there should be. So, I will leave my comments again. I didn't see any
working group comments on the topic.
I think the substituted text is inadequate, because it is not clear
which TLS version implementors MUST support. As I understand it, the
fact that it is "tricky", implying there may be trade-offs, is not
sufficient to avoid specifying a single, mandatory-to-implement TLS
version.
--
Robert Sayre
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf