Opened 13 years ago

#114 new enhancement

timeline for strict implementation

Reported by: jsalowey@…
Owned by:
Priority: major
Milestone: DISCUSS
Component: draft-ietf-tls-renegotiation-00
Version: 00
Severity: Active WG Document
Keywords:
Cc:

Description

Yngve Nysaeter Pettersen:

I also think the finished document should include a timeline for when lenient implementations should become strict, and refuse to negotiate with unpatched peers. Without such a timeline, I think it will take much longer to get rid of unpatched implementations (particularly servers) than is necessary to get this problem removed from the net. IMO such a timeline should not be longer than 12 months from the publication of the RFC. Leaving the decision for such a sunset date to vendors is not a good idea (just look at how long SSLv2 and export ciphers were supported, mostly because a few major internet services refused to upgrade).

Change History (0)
