We are really some years away from *DTLS* being ubiquitously available in libraries. Even for those that have some of it, it doesn't all work that well. And it might not be available in FIPS-certified libraries yet.
In RFC8995, we wrote (section 5.1) after IESG review:

Use of TLS 1.3 (or newer) is encouraged. TLS 1.2 or newer is REQUIRED on the pledge side.

Encourage 1.3. Tolerate 1.2.

This does cause some policy bifurcation because of the different ways in which ciphers are named/negotiated, but that should not be a problem in practice.

The CCM-8/MTI for CoAPS is really the bigger problem that we need to resolve.

--
Michael Richardson <[email protected]>, Sandelman Software Works
-= IPv6 IoT consulting =-
_______________________________________________ Ace mailing list [email protected] https://www.ietf.org/mailman/listinfo/ace
