ekr
commented
3 years ago I'd like to get some second opinions on this. Despite 8996 we still do expect people to do 1.0 and 1.1 for a while and if they do it should be safe. @martinthomson @davidben ?
Closed emanjon closed 2 years ago
ekr
commented
3 years ago I'd like to get some second opinions on this. Despite 8996 we still do expect people to do 1.0 and 1.1 for a while and if they do it should be safe. @martinthomson @davidben ?
davidben
commented
3 years ago Yeah, I think removing that text is slightly premature, particularly the downgrade protection bits.
richsalz
commented
3 years ago I'm okay with adding the reference. The text seems too strong too early. Maybe make it a MAY? Like "Servers that strictly follow {{RFC8896}} MAY reject ..."
ekr
commented
2 years ago I provided an alternate PR in https://github.com/tlswg/tls13-spec/pull/1252
RFC 8996 should be referenced like RFCs 6176 and 7568