[Bug 4836] RFC4346 obsoletes RFC2246

http://www.w3.org/Bugs/Public/show_bug.cgi?id=4836

I noticed that RFC4346 (TLS 1.1) obsoletes RFC2246 (TLS 1.0) and, since
both the framework and attachment specifications are referencing RFC
2246, i wonder if the Group considered using RFC 4346.

It's not clear to me how TLS 1.1 is deployed. The RFC was published in
April 2006. There is a ongoing work on TLS 1.2 [1]. I didn't find
evidences that Java or .Net supports 1.1.

Digging around, I found a discussion on this subject at [2], which seems
to indicate that this is still an open question.

The WS-Policy specifications only mentions "such as [...], SSL/TLS [IETF
RFC 2246],".

My proposal is to either:
1. leave the specification as is, since it's only mentioned as a
possibility and isn't a normative reference.
2. change the reference from "2246" to "2246 or its successors".

If the Group comes up with a third solution, I'll probably be happy as
well.

Philippe

[1] http://www.ietf.org/html.charters/tls-charter.html
[2] http://osdir.com/ml/ietf.apps-discuss/2007-01/msg00040.html

Received on Thursday, 5 July 2007 21:27:48 UTC