On Thu, 16 Apr 2015, Viktor Dukhovni wrote:
In any case this draft was ready (and has been largely unchanged) for about a year now, *before* all the fuss about SSL 3.0. Clients MUST support at least TLS 1.0 (to use SNI). Servers MAY support SSL 3.0 (allowing them to publish TLSA RRs with whatever they're running today). At this point we can set the floor at TLS 1.0 if that's better "optics", the number of servers doing just SSL 3.0, whose admins might be tempted to publish DANE TLSA RRs is likely zero.
DANE should not say which TLS version to use. Leave that up to the TLS working group ? Paul _______________________________________________ dane mailing list [email protected] https://www.ietf.org/mailman/listinfo/dane
