On Nov 3, 2014, at 8:03 PM, Peter Saint-Andre - &yet <[email protected]> wrote:
>
> On 10/26/14, 1:26 PM, Paul Hoffman wrote:
>
>> 4.2:
>>    o  In many application protocols, clients can be configured to use
>>       TLS even if the server has not advertised that TLS is mandatory or
>>       even supported (e.g., this is often the case in messaging
>>       protocols such as IMAP and XMPP).
>> What is "advertised" supposed to mean here? The above is certainly not true
>> for STARTTLS-style protocols. If this is meant to cover protocols that use
>> URI schemes that might or might not end in "s", those are not server
>> advertisements. I'm not sure how to reword this because it is too unclear.
>
> I propose:
>
>    o  In many application protocols, clients can be configured to use
>       TLS no matter whether the server offers TLS during a protocol
>       exchange or advertises support for TLS (e.g., through a flag
>       indicating that TLS is required).  Application clients SHOULD use
>       TLS by default, and disable this default only through explicit
>       configuration by the user.

Thanks, that's much clearer!

--Paul Hoffman
