Nit in the latest version: 12.6. Advertisement of STS policies
MSPs SHOULD advertise STS policies that include at least tls11, tls- I think "tls11" was changed to "tls-version=1.1". cert and sts-url, with the latter having an associated https URL that can be used to inform clients of service outages or problems impacting client confidentiality. Note that advertising tls-cert is a commitment to maintain and renew server certificates. A MSP MAY also specifically indicate a commitment to support PKIX validation, DANE validation, or both, using tls-cert=pkix, tls-cert=dane, or tls- cert=pkix+dane, respectively. _______________________________________________ Uta mailing list [email protected] https://www.ietf.org/mailman/listinfo/uta
