So, again: This draft should either be expanded to say what TLS clients and servers and configuration SHOULD / MUST do with D-level components, or tell readers why it is not. Telling
developers "go look at every doc that is liked from a D-level spec" is likely to cause them to not do so, and the result will be insecure implementations and lack of interoperability.
I think it is good that the draft says “we discourage” and that’s good enough. The whole point of saying discouraged is that it doesn’t rise to the level of SHOULD NOT.
|
--
last-call mailing list -- last-call@xxxxxxxx
To unsubscribe send an email to last-call-leave@xxxxxxxx
