RFC Errata
RFC 8995, "Bootstrapping Remote Secure Key Infrastructure (BRSKI)", May 2021
Source of RFC: anima (ops)
Errata ID: 6642
Status: Held for Document Update
Type: Technical
Publication Format(s) : TEXT, HTML
Reported By: Michael Richardson
Date Reported: 2021-07-14
Held for Document Update by: Rob Wilton
Date Held: 2024-01-15
Section 5.4 says:
Use of TLS 1.3 (or newer) is encouraged. TLS 1.2 or newer is REQUIRED. TLS 1.3 (or newer) SHOULD be available.
It should say:
TLS 1.2 [RFC5246] with SNI support [RFC6066] is REQUIRED if TLS 1.3 is not available. The Server Name Indicator (SNI) is required when the Registrar communicates with the MASA in order for the MASA to be hosted in a modern multi-tenant TLS infrastructure.
Notes:
https://mailarchive.ietf.org/arch/msg/anima/bqrZXAk7vstWQ3V1-irIATnBKpY/
This adds new references to the text.