On Tue, 30 Jan 2024 at 10:11, Florian Schmaus <flo@geekplace.eu> wrote:
> If we are not positive about it, then why should we push implementations
> into non-compliance by mandating it, when we simply could (strongly)
> recommend it?

Exactly this - interoperability should be a pragmatically achievable goal. Security should be as high as possible without disrupting that goal, because if it's disrupted then people will just use something else that actually works, and the additional requirements have achieved nothing.

Given this, tls-server-end-point seems like it ought to be baseline - it's relatively easy to implement anywhere, and while it has weaknesses, it's still a lot better than nothing.

So that says, to me, text along the lines of "MUST implement".

tls-exporter is clearly superior, so we want to encourage that, but accept there are lots of cases where that's not practical, so "SHOULD implement".

Finally, we know that in some deployments, there is enough control of clients and other deployment aspects that there's no practical benefit to supporting the weaker tls-server-end-point, so we might want to indicate that while deployment in the general case is "strongly advised" (I'm side-stepping RFC 2119 here), if a particular deployment can remove it that's actually better security.

Dave.
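As an added illustration of why tls-server-end-point is "relatively easy to implement anywhere" (example code, not from this thread or any XMPP implementation): the binding data is simply a hash over the server's DER certificate, with the hash function chosen from the certificate's signatureAlgorithm as RFC 5929 prescribes. The minimal DER walker and the constructed sample certificate are assumptions so the block runs stand-alone; a real deployment would feed in the peer certificate bytes from its TLS library.

```python
import hashlib
# signatureAlgorithm OID -> binding hash. RFC 5929: MD5/SHA-1 become SHA-256, any other
# single hash is used as-is, and a signatureAlgorithm with no/multiple hashes is undefined.
OID_TO_HASH = {
    "1.2.840.113549.1.1.5": "sha256",   # sha1WithRSAEncryption   -> SHA-256
    "1.2.840.113549.1.1.11": "sha256",  # sha256WithRSAEncryption
    "1.2.840.113549.1.1.12": "sha384",  # sha384WithRSAEncryption
    "1.2.840.113549.1.1.13": "sha512",  # sha512WithRSAEncryption
    "1.2.840.10045.4.3.2": "sha256",    # ecdsa-with-SHA256
    "1.2.840.10045.4.3.3": "sha384",    # ecdsa-with-SHA384
}
def der_tlv(buf, pos):
    """Decode one DER TLV at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                  # long form: low 7 bits give the byte count of the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def decode_oid(raw):
    """Content octets of an OBJECT IDENTIFIER -> dotted string."""
    arcs, value = [str(raw[0] // 40), str(raw[0] % 40)], 0
    for b in raw[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:               # high bit clear ends a base-128 arc
            arcs.append(str(value))
            value = 0
    return ".".join(arcs)

def signature_hash_name(cert_der):
    """Hash RFC 5929 prescribes for this certificate's signatureAlgorithm."""
    _, cert, _ = der_tlv(cert_der, 0)          # Certificate ::= SEQUENCE { tbs, sigAlg, sig }
    _, _, pos = der_tlv(cert, 0)               # skip tbsCertificate
    _, sig_alg, _ = der_tlv(cert, pos)         # AlgorithmIdentifier ::= SEQUENCE { OID, params }
    tag, oid, _ = der_tlv(sig_alg, 0)
    dotted = decode_oid(oid) if tag == 0x06 else "<not an OID>"
    if dotted not in OID_TO_HASH:
        raise ValueError(f"tls-server-end-point undefined for signatureAlgorithm {dotted}")
    return OID_TO_HASH[dotted]

def tls_server_end_point(cert_der):
    """Channel binding data: the chosen hash over the entire DER certificate."""
    return hashlib.new(signature_hash_name(cert_der), cert_der).digest()

def make_sample_cert(sig_oid_hex):
    """Constructed stand-in with the DER shape of a certificate but a dummy body (not a real cert)."""
    der = lambda tag, body: bytes([tag, len(body)]) + body      # short-form lengths suffice here
    return der(0x30, der(0x30, b"\x02\x01\x01")                                        # tbsCertificate
                   + der(0x30, der(0x06, bytes.fromhex(sig_oid_hex)) + b"\x05\x00")    # signatureAlgorithm
                   + der(0x03, b"\x00\xab"))                                           # signatureValue
```

For a real connection the input would be the peer certificate in DER form, and the client and server each compute this value locally and compare it inside the SASL exchange.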