Implementing NTS options
Gary E. Miller
gem at rellim.com
Sat Feb 2 21:31:56 UTC 2019
Yo Eric!
On Sat, 2 Feb 2019 05:11:54 -0500
"Eric S. Raymond via devel" <devel at ntpsec.org> wrote:
> Hal Murray <hmurray at megapathdsl.net>:
> > Implementations MUST NOT negotiate TLS versions earlier than 1.2,
> > SHOULD negotiate TLS 1.3 [RFC8446] or later when possible, and MAY
> > refuse to negotiate any TLS version which has been superseded by a
> > later supported version.
>
> I'm not seeing anything in that 'graph which would ever *require* you
> to disable down-version TLS. The last normative is a MAY, not a MUST.
But years of crypto experience show us this happens every few years.
> > > Again. The barrier to entry for these is higher because they
> > > would need a non-trivial grammar modification
> >
> > Does the grammar support quoted strings?
>
> Yes. That's not the problem. The list construct is the problem.
We're gonna need a lot of lists.
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
gem at rellim.com Tel:+1 541 382 8588
Veritas liberabit vos. -- Quid est veritas?
"If you can’t measure it, you can’t improve it." - Lord Kelvin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 851 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ntpsec.org/pipermail/devel/attachments/20190202/4cb37ab7/attachment-0001.bin>
More information about the devel
mailing list