Hi Julien,
On 24 Nov 2015, at 21:26, Julien ÉLIE <julien(_at_)trigofacile(_dot_)com>
wrote:
Couldn't the draft also update Section 5 of RFC 4642 about the use of TLS in
NNTP?
The NNTP protocol is also a protocol that is found in email clients, so it
would make sense to have consistent rules between email and netnews.
(Snip)
Or another idea: wouldn't the draft be worthwhile for a BCP like BCP 195
"Recommendations for Secure Use of Transport Layer Security (TLS) and
Datagram Transport Layer Security (DTLS)"?
It could indeed be "Recommendations for TLS Server Identity Check Procedure".
The advantage would be that the BCP can apply to email protocols, as well as
other protocols using TLS.
It would save time for others, and permit to have homogeneity and consistent
rules across protocols, as well as increasing security.
Early on the WG decided to not do that and deal with different types of
protocols separately. For example, requirements on XMPP and email are a bit
different, so separate documents are the best. But of course nothing prevents
people from publishing another document saying "do the same thing as this other
specification, just use different SRV labels" (for example).
Best Regards,
Alexey