RFC 8995, "Bootstrapping Remote Secure Key Infrastructure (BRSKI)", May 2021

Errata ID: 6642
Status: Held for Document Update
Type: Technical
Publication Format(s) : TEXT, HTML
Reported By: Michael Richardson
Date Reported: 2021-07-14
Held for Document Update by: Rob Wilton
Date Held: 2024-01-15

Section 5.4 says:

Use of TLS 1.3 (or newer) is encouraged.  TLS 1.2 or newer is 
REQUIRED.  TLS 1.3 (or newer) SHOULD be available.

It should say:

TLS 1.2 [RFC5246] with SNI support [RFC6066] is REQUIRED if 
TLS 1.3 is not available.
The Server Name Indicator (SNI) is required when the Registrar 
communicates with the MASA in order for the MASA to be hosted in 
a modern multi-tenant TLS infrastructure.

Notes:

https://mailarchive.ietf.org/arch/msg/anima/bqrZXAk7vstWQ3V1-irIATnBKpY/
This adds new references to the text.

Report New Errata