On Feb 17, 2015, at 12:52 PM, Peter Saint-Andre - &yet <[email protected]> wrote:

>>> On the other hand, if we're
>>> expecting new or updated application protocol specs to conform to or take
>>> into account the recommendations in this document, I think that should be
>>> made more clear.
>> 
>> Given that other folks have been confused on this point, I tend to agree.
> 
> I propose that we add the following text after the bullet points at the start 
> of Section 5 ("Applicability Statement"):
> 
>   This document does not modify various details (e.g., cipher suites)
>   prescribed by application protocols that use TLS or DTLS.  If the
>   implementation and deployment community that uses such an application
>   protocol wishes to modernize its usage of TLS or DTLS to be
>   consistent with the best practices recommended here, it needs to
>   publish a document that explicitly updates the existing application
>   protocol definition.  One example of such a document is
>   [I-D.ietf-uta-xmpp].

Thanks Peter. I think this is good, but does not get to Pete’s point about new 
protocols. And in that case if the expectation is that new protocols will 
conform to this BCP’s recommendations, that should be made explicit I think.

The text above also slightly skirts the case where an existing protocol is 
being updated for some other reason besides modernizing its TLS/DTLS usage. So 
if the Foo protocol required support for weaker ciphers than what the BCP 
requires/recommends, and someone writes Foobis for the purpose of making 
non-TLS-related updates, do we expect Foobis to conform to the BCP? Or continue 
to require support for weaker ciphers for interoperability purposes? Or both? 
Or leave it up to the consensus at the time of Foobis publication? Would be 
good to clarify that case further I think.

Alissa

> 
> Peter
> 
> -- 
> Peter Saint-Andre
> https://andyet.com/

_______________________________________________
Uta mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/uta
