Guys,

These are hardly editorial changes, so we need to resolve them ASAP and have a new version ready. Please, see below,

Orit.
> >
> > I agree we SHOULD tone down a few of the requirements, to make sure we do
> > accommodate the opportunistic use case.
>

It would be unfortunate to simply tone the recommendations down and lose the edge of the whole BCP.

>
> > We all should compromise a little bit so that we can have a single BCP for
> > both the authenticated and unauthenticated use cases.
>
> Understood. There is room to state stronger requirements for
> mandatory TLS and somewhat more liberal requirements for unauthenticated
> opportunistic TLS (already vulnerable to many active attacks).
>

Victor, could you, please, make a list of ALL places, where the current wording might not work for opportunistic deployments? Then, instead of specifying what the different recommendations for "O" might be, let's add "with the exception of deployments using TLS opportunistically (see discussion in Section XXX of this document)." A separate "O" document can discuss different cases with their implications in more detail.
