Opened 13 years ago
#114 new enhancement
timeline for strict implementation
| Reported by: | jsalowey@… | Owned by: | |
|---|---|---|---|
| Priority: | major | Milestone: | DISCUSS |
| Component: | draft-ietf-tls-renegotiation-00 | Version: | 00 |
| Severity: | Active WG Document | Keywords: | |
| Cc: | | | |
Description
Yngve Nysaeter Pettersen:
I also think the finished document should include a timeline for when lenient implementations should become strict, and refuse to negotiate with unpatched peers. Without such a timeline, I think it will take much longer to get rid of unpatched implementations (particularly servers) than is necessary to get this problem removed from the net. IMO such a timeline should not be longer than 12 months from the publication of the RFC. Leaving the decision for such a sunset date to vendors is not a good idea (just look at how long SSLv2 and export ciphers were supported, mostly because a few major internet services refused to upgrade).