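%% You should probably cite draft-pettersen-tls-version-rollback-removal-03 instead of this revision.
%% Entry layout: one field per line; author in unambiguous "Last, First" form;
%% only the acronym {TLS} is brace-protected in the title so that the
%% bibliography style (not the database) decides the title casing.
@techreport{pettersen-tls-version-rollback-removal-00,
  author      = {Pettersen, Yngve},
  title       = {Managing and removing automatic version rollback in {TLS} Clients},
  type        = {Internet-Draft},
  number      = {draft-pettersen-tls-version-rollback-removal-00},
  institution = {Internet Engineering Task Force},
  publisher   = {Internet Engineering Task Force},
  year        = 2012,
  month       = jul,
  day         = 3,
  pagetotal   = 6,
  note        = {Work in Progress},
  url         = {https://datatracker.ietf.org/doc/draft-pettersen-tls-version-rollback-removal/00/},
  abstract    = {Ever since vendors started deploying TLS 1.0 clients, these clients have had to handle server implementations that do not tolerate the TLS version supported by the client, usually by automatically signaling an older supported version instead. Such version rollbacks represent a potential security hazard, if the older version should become vulnerable to attacks. The same history repeated when TLS Extensions were introduced, as some servers would not negotiate with clients that sent these protocol extensions, forcing clients to reduce protocol functionality in order to maintain interoperability. This document outlines a procedure to help clients decide when they may use version rollback to maintain interoperability with legacy servers, under what conditions the clients should not allow version rollbacks, such as when the server has indicated support for the TLS Renegotiation Information extension. The intention of this procedure is to limit the use of automatic version rollback to legacy servers and eventually eliminate its use.},
}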