- From: Jason Greene <jason.greene@redhat.com>
- Date: Fri, 10 Oct 2014 14:22:45 -0500
- To: Brian Smith <brian@briansmith.org>
- Cc: Martin Thomson <martin.thomson@gmail.com>, HTTP Working Group <ietf-http-wg@w3.org>, Greg Wilkins <gregw@intalio.com>
On Oct 10, 2014, at 1:57 PM, Brian Smith <brian@briansmith.org> wrote: > On Fri, Oct 10, 2014 at 10:41 AM, Martin Thomson > <martin.thomson@gmail.com> wrote: >> - All of the TLS usage restrictions only apply to TLS 1.2 (TLS 1.3 >> won't permit all these things anyway), except the SNI requirement > > I feel all these qualifiers of "TLS 1.2" are confusing because they > imply that the rules will be different for other versions of TLS. But, > older versions of TLS are not allowed and TLS 1.3 will have the same > rules anyway, so the "1.2" qualifiers seem unnecessary. It’s important that these rules *do not* cover TLS 1.3, as the TLS specification is the appropriate place to define TLS rules, and as time goes on, the more out of sync and problematic 9.2.2 will become. -- Jason T. Greene WildFly Lead / JBoss EAP Platform Architect JBoss, a division of Red Hat
Received on Friday, 10 October 2014 19:23:16 UTC