ietf-nntp TLS version requirements
Jeffrey M. Vinocur
jeff at litech.org
Mon Mar 17 12:01:20 PST 2003

Since the removal of MULTIDOMAIN in favor of the server_name TLS
extension, I wonder if we should discuss the text about TLS version.

At the moment I have the text below, which "strongly recommends" that
virtualhosting support be provided. Is this acceptable as is? Should
an RFC 2119 keyword be used? Is it necessary to distinguish the level of
importance of this support in clients (which should definitely have it, or
else they may not receive an appropriate certificate) and servers (which
may choose not to have it, although that may make them less suitable for
virtualhosted usage)?

Servers MUST be able to understand backwards-compatible TLS Client
Hello messages (provided that client_version is TLS 1.0 or later), and
clients MAY use backwards-compatible Client Hello messages. Neither
clients nor servers are required to actually support Client Hello
messages for anything other than TLS 1.0. However, the TLS extension
for Server Name Indication [TLS-EXT] is strongly recommended whenever
possible, as otherwise it is not possible for a server with several
hostnames to present the correct certificate to the client.

--
Jeffrey M. Vinocur
jeff at litech.org