
Re: TLS requirements (Last Call: draft-ietf-atompub-protocol to Proposed Standard)

2007-05-21 16:32:56


On Sunday, May 20, 2007 01:41:29 PM -0700 Eric Rescorla <ekr(_at_)networkresonance(_dot_)com> wrote:

> I agree that these specs should explicitly specify which TLS version
> to support. As a practical matter, this is either 1.0 or 1.1, since
> 1.2 is not yet finished. Unfortunately, which one to require isn't
> really something that can be decided on technical grounds: the
> protocols are very slightly different and (at least in theory)
> backward compatible. TLS 1.1 is slightly more secure and TLS 1.0 is
> quite a bit more widely deployed.
>
> On balance, I think this probably turns into a MUST for 1.0 and a
> SHOULD for 1.1, but I could certainly see this argued another way.


It seems to me that specs should _not_ explicitly specify which TLS version to support, and should instead refer to an STD number. Applications don't generally specify which versions of IP or TCP to use, and TLS is at a similar level of abstraction -- except that the situation is not as painful, because using a different version of IP means you have to use completely different names, whereas using a different version of TLS does not.

-- Jeff

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf