TLS 1.0 should be banned

Comments (11)

1. 

   Edmund Jay

   re #13 - TLS 1.0 should be banned

   → <<cset a07bc0704252>>

   • 2016-08-04T22:53:26+00:00
2. 

   Dave Tonge

   The OBWG report stated that: "API connections and data in transit should be encrypted using TLS v1.2 as a minimum."

   I suggest some statement like the above in conjunction with the reference to RFC7525

   • 2016-08-10T07:42:38+00:00
3. 

   Nat Sakimura reporter

   Agreed. Will incorporate in the coming draft.

   • 2016-08-17T13:54:40+00:00
4. 

   Nat Sakimura reporter

   • changed status to open

   agreement in the WG

   • 2016-08-31T14:46:20+00:00
5. 

   Nat Sakimura reporter

   • changed status to resolved

   Done. Now:

   7.1 TLS Considerations Since confidential information is being exchanged, all interactions shall be encrypted with TLS/SSL (HTTPS) in accordance with the recommendations in RFC7525. TLS version 1.2 or later shall be used for all communications.

   • 2016-11-29T05:17:30+00:00
6. 

   Nat Sakimura reporter

   • changed component to Part 1: RO Security

   • 2016-12-13T17:25:17+00:00
7. 

   Nat Sakimura reporter

   • changed component to Part 1: Baseline

   • 2022-12-14T15:35:51+00:00
8. 

   Nat Sakimura reporter

   • changed component to FAPI 1 - Part 1: Baseline

   • 2022-12-14T15:36:24+00:00
9. 

   Nat Sakimura reporter

   • changed component to FAPI 1 – Part 1: Baseline

   • 2022-12-14T15:36:57+00:00
10. 

    Nat Sakimura reporter

    • changed component to FAPI 1 – Baseline

    • 2022-12-14T15:38:19+00:00
11. 

    Nat Sakimura reporter

    • changed component to FAPI 1: Baseline

    • 2022-12-14T15:39:07+00:00
12. Log in to comment