- From: Philippe Le Hegaret <plh@w3.org>
- Date: Thu, 05 Jul 2007 21:27:33 +0000
- To: public-ws-policy <public-ws-policy@w3.org>
http://www.w3.org/Bugs/Public/show_bug.cgi?id=4836 I noticed that RFC4346 (TLS 1.1) obsoletes RFC2246 (TLS 1.0) and, since both the framework and attachment specifications are referencing RFC 2246, i wonder if the Group considered using RFC 4346. It's not clear to me how TLS 1.1 is deployed. The RFC was published in April 2006. There is a ongoing work on TLS 1.2 [1]. I didn't find evidences that Java or .Net supports 1.1. Digging around, I found a discussion on this subject at [2], which seems to indicate that this is still an open question. The WS-Policy specifications only mentions "such as [...], SSL/TLS [IETF RFC 2246],". My proposal is to either: 1. leave the specification as is, since it's only mentioned as a possibility and isn't a normative reference. 2. change the reference from "2246" to "2246 or its successors". If the Group comes up with a third solution, I'll probably be happy as well. Philippe [1] http://www.ietf.org/html.charters/tls-charter.html [2] http://osdir.com/ml/ietf.apps-discuss/2007-01/msg00040.html
Received on Thursday, 5 July 2007 21:27:48 UTC