Hi -

On 2022-02-28 6:28 AM, Kenneth Vaughn wrote:
> To OPSAWG, especially MIB doctors and SNMP-experts:
>
> We have contacted the TLS community about potentially allowing for the continued use and maintenance of the IANA TLS HashAlgorithm Registry (RFC 5246) in the update to RFC 6353 so that we do not have to redefine its fingerprint algorithm. The TLS community expressed a valid concern that if the registry is maintained by adding new values, it would imply that those new values could be used within TLS 1.2; thus our proposal to continue to reference the existing table was not accepted.

I don't understand the fear here.  Are they worried that:

   - someone would misconstrue additions to the IANA TLS HashAlgorithm
     Registry as somehow *requiring* TLS 1.2 implementations to be
     updated, even though they've been "designated obsolete"?

   - that despite TLS 1.2 having been "designated obsolete", folks
     maintaining those implementations would take it upon themselves
     to add support for later additions to the IANA TLS HashAlgorithm
     Registry?

   - that there might be a proliferation of TLS 1.2 deployments that
     attempt to use the additions to the IANA TLS HashAlgorithm
     Registry, despite TLS 1.2 having been "designated obsolete"?

   - that the possibility of adding these algorithms might somehow
     prolong the lifetime of existing TLS 1.2 deployments or even
     lead to new ones, despite it having been "designated obsolete"?

   - something else?

Randy

_______________________________________________
OPSAWG mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/opsawg