[Bug 4836] RFC4346 obsoletes RFC2246 from Philippe Le Hegaret on 2007-07-05 (public-ws-policy@w3.org from July 2007)

From: Philippe Le Hegaret <plh@w3.org>
Date: Thu, 05 Jul 2007 21:27:33 +0000
To: public-ws-policy <public-ws-policy@w3.org>
Message-Id: <1183670854.4269.62.camel@localhost>

http://www.w3.org/Bugs/Public/show_bug.cgi?id=4836

I noticed that RFC4346 (TLS 1.1) obsoletes RFC2246 (TLS 1.0) and, since
both the framework and attachment specifications are referencing RFC
2246, i wonder if the Group considered using RFC 4346.

It's not clear to me how TLS 1.1 is deployed. The RFC was published in
April 2006. There is a ongoing work on TLS 1.2 [1]. I didn't find
evidences that Java or .Net supports 1.1.

Digging around, I found a discussion on this subject at [2], which seems
to indicate that this is still an open question.

The WS-Policy specifications only mentions "such as [...], SSL/TLS [IETF
RFC 2246],".

My proposal is to either:
1. leave the specification as is, since it's only mentioned as a
possibility and isn't a normative reference.
2. change the reference from "2246" to "2246 or its successors".

If the Group comes up with a third solution, I'll probably be happy as
well.

Philippe

[1] http://www.ietf.org/html.charters/tls-charter.html
[2] http://osdir.com/ml/ietf.apps-discuss/2007-01/msg00040.html

Received on Thursday, 5 July 2007 21:27:48 UTC