Re: TLS requirements (Last Call: draft-ietf-atompub-protocol to Proposed Standard)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: TLS requirements (Last Call: draft-ietf-atompub-protocol to Proposed Standard)

To: Eric Rescorla <ekr at networkresonance.com>
Subject: Re: TLS requirements (Last Call: draft-ietf-atompub-protocol to Proposed Standard)
From: Julian Reschke <julian.reschke at gmx.de>
Date: Tue, 05 Jun 2007 10:17:52 +0200
Cc: Cyrus Daboo <cyrus at daboo.name>, Sam Hartman <hartmans-ietf at mit.edu>, Tim Bray <tbray at textuality.com>, ietf at ietf.org, iesg at ietf.org
In-reply-to: <20070520204129.9E0AE33C23@delta.rtfm.com>
List-help: <mailto:ietf-request@ietf.org?subject=help>
List-id: IETF-Discussion <ietf.ietf.org>
List-post: <mailto:ietf@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
References: <45F6CE12.8020703@mozilla.com> <tsllki1rpyc.fsf@cz.mit.edu> <45F6EF91.7030008@mozilla.com> <tslk5xlq8ul.fsf@cz.mit.edu> <45F6FA2A.4060409@mozilla.com> <1C0F121E56ADA47B5683D263@caldav.corp.apple.com> <45F7EC16.1030904@zurich.ibm.com> <45F7F3FC.6020306@gmx.de> <86lkhzc22x.fsf@delta.rtfm.com> <68fba5c50705181605p66298f1fh31f119185f67d8e8@mail.gmail.com> <517bf110705192034s6e4e5656r596a6f11883e6a9a@mail.gmail.com> <20070520204129.9E0AE33C23@delta.rtfm.com>
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.8.0.4) Gecko/20060516 Thunderbird/1.5.0.4 Mnenhy/0.7.4.666

Eric Rescorla wrote:

I agree that these specs should explicitly specify which TLS version to support. As a practical matter, this is either 1.0 or 1.1, since 1.2 is not yet finished. Unfortunately, which one to require isn't really something that can be decided on technical grounds: the protocols are very slightly different and (at least in theory) backward compatible. TLS 1.1 is slightly more secure and TLS 1.0 is quite a bit more widely deployed.
On balance, I think this probably turns into a MUST for 1.0 and a
SHOULD for 1.1, but I could certainly see this argued another way.

I noticed that atompub is on next Thursday's IESG agenda. Any news on how this issue will be resolved?

Best regards, Julian


_______________________________________________
Ietf mailing list
Ietf at ietf.org
https://www1.ietf.org/mailman/listinfo/ietf

References:
- TLS requirements (Last Call: draft-ietf-atompub-protocol to Proposed Standard)
  - From: Robert Sayre
- Re: TLS requirements (Last Call: draft-ietf-atompub-protocol to Proposed Standard)
  - From: Sam Hartman
- Re: TLS requirements (Last Call: draft-ietf-atompub-protocol to Proposed Standard)
  - From: Robert Sayre
- Re: TLS requirements (Last Call: draft-ietf-atompub-protocol to Proposed Standard)
  - From: Sam Hartman
- Re: TLS requirements (Last Call: draft-ietf-atompub-protocol to Proposed Standard)
  - From: Robert Sayre
- Re: TLS requirements (Last Call: draft-ietf-atompub-protocol to Proposed Standard)
  - From: Brian E Carpenter
- Re: TLS requirements (Last Call: draft-ietf-atompub-protocol to Proposed Standard)
  - From: Julian Reschke
- Re: TLS requirements (Last Call: draft-ietf-atompub-protocol to Proposed Standard)
  - From: EKR
- Re: TLS requirements (Last Call: draft-ietf-atompub-protocol to Proposed Standard)
  - From: Robert Sayre
- Re: TLS requirements (Last Call: draft-ietf-atompub-protocol to Proposed Standard)
  - From: Tim Bray
- Re: TLS requirements (Last Call: draft-ietf-atompub-protocol to Proposed Standard)
  - From: Eric Rescorla

Prev by Date: RE: Last Call: draft-chakrabarti-ipv6-addrselect-api (IPv6 Socket API for Address Selection) to Informational RFC
Next by Date: Calendar Adopted with Provisional Regions 2011 - 2013
Previous by thread: [no subject]
Next by thread: Re: TLS requirements (Last Call: draft-ietf-atompub-protocol to Proposed Standard)
Index(es):
- Date
- Thread

Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.

Re: TLS requirements (Last Call: draft-ietf-atompub-protocol to Proposed Standard)

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.