John, you reference RFC 7540 and I believe you wanted to refer to RFC 7925 instead.
RFC 7925 talks about the Extended Master Secret extension, Signature Algorithm extension, and OCSP stapling.

Ciao
Hannes

-----Original Message-----
From: saag <saag-boun...@ietf.org> On Behalf Of John Mattsson
Sent: Saturday, 5 October 2019 12:36
To: hannes.tschofe...@gmx.net; TLS@ietf.org; s...@ietf.org
Subject: Re: [saag] [TLS] Lessons learned from TLS 1.0 and TLS 1.1 deprecation

"hannes.tschofe...@gmx.net" <hannes.tschofe...@gmx.net> wrote:

> PS: As Kathleen noted TLS 1.2 and DTLS 1.2 are perfectly fine if you follow
> RFC 7925/7525.

While TLS 1.2 and DTLS 1.2 can be configured to be secure, RFC 7525 is definitely not enough. RFC 7540 would be a good start, but also that would need to be extended with support of extensions like Extended Master Secret, Signature Algorithms, and Certificate Status Request to be considered fine in 2019.

Cheers,
John