Hi,

In the meanwhile, everyone is encouraged to (re)read the current -01
version and send any feedback that they may have to the list/editors as
well.

I have a question that may seem naive, but if I understand well how
security tags work, "tls10" will always be advertised if "tls12" is. So
why bother to advertise "tls10"?

When TLS 1.3 has been standardized, will it mean that "tls10", "tls12"
and "tls13" will all be advertised and latched?
I don't see the point in having such redundancy.

Besides, the draft says that "when a server advertises a security tag,
it is making a commitment to support that security facility
indefinitely" so it means that "tls10" can be advertised even though the
server has disabled TLS 1.0 and 1.1 and only authorizes TLS 1.2.

The other point I would like to raise is the generality of this draft.
Why is it focused only on e-mail? I thought the UTA WG is for
Applications in general. Couldn't the security tags serve other
protocols than POP, IMAP and SMTP? For instance XMPP or NNTP?

So the IANA registry could be "Security Tags" instead of "Email Security
Tags". This way, any protocol could benefit from the available security
tags instead of duplicating them several times.

--
Julien ÉLIE
"– And remember! The only thing we have to fear
is that the sky may fall on our heads!
– …And remember, Romans, the only thing we have to
fear is the Gauls!" (Astérix)
_______________________________________________
Uta mailing list
https://www.ietf.org/mailman/listinfo/uta