[Openid-specs-fapi] Issue #703: Tweaks to BCP195 language (openid/fapi)
josephheenan
issues-reply at bitbucket.org
Fri Jul 5 19:47:45 UTC 2024
New issue 703: Tweaks to BCP195 language
https://bitbucket.org/openid/fapi/issues/703/tweaks-to-bcp195-language
Joseph Heenan:
The current text in FAPI2 says:
> when using TLS 1.2, shall follow the recommendations for Secure Use of Transport Layer Security in \[@!BCP195\];
I believe we should remove the ‘when using TLS 1.2', so that it says simply:
> shall follow the recommendations for Secure Use of Transport Layer Security in \[@!BCP195\];
The reason for this is that I think we can expect there will be an update to BCP 195 at some point in the next few years that specifies some extra requirements for TLS 1.3 \(there’s already at least one TLS 1.3 related requirement, though I think that it would apply to web servers\).
More information about the Openid-specs-fapi
mailing list