Subject: RE: [ebxml-cppa] UPDATED: EncryptionAlgorithm element under TransportSecurityProtocol

OK to Pete's rewording of last sentence.

Dale

-----Original Message-----
From: Pete Wenzel [mailto:pete@seebeyond.com]
Sent: Friday, March 29, 2002 11:50 AM
To: Dale Moberg
Cc: Cppa (E-mail); Tony Weida (E-mail)
Subject: Re: [ebxml-cppa] UPDATED: EncryptionAlgorithm element under TransportSecurityProtocol

Thus spoke Dale Moberg (dmoberg@cyclonecommerce.com) on Fri, Mar 29, 2002 at 10:48:05AM -0700:
>
> Pete,
>
> Here is my amended text for the entry about EncryptionAlgorithm
> that incorporates sample values for cipher suites.
> ...
> ========suggested language==============================
> ...
> 8.4.28.1 EncryptionAlgorithm
>
> Zero or more EncryptionAlgorithm elements may be included under the
> TransportSecurityProtocol element. Multiple elements are
> of more use in a CPP context, to announce capability or
> preferences; normally, a CPA will contain the agreed upon
> context. When zero elements are present in a CPA, whatever outcome
> the TransportSecurityProtocol handshake decides,
> is what the parties in effect agree upon.

Since the CPA can have more than one also, I suggest rewording the last
sentence:

"When zero or more than one element is present in a CPA, the parties
agree to allow the TransportSecurityProtocol's automatic negotiation
capability to determine the actual algorithm used."

> The elements' ordering will reflect the preference
> for algorithms. A primary reason for including this element is to permit
> use of the minimumStrength attribute; a large value for this
> attribute can indicate that a high encryption strength
> is desired or has been agreed upon for the TransportSecurityProtocol.
>
> See section 8.4.48 for the full description
> of this element.
>
> For SSL and TLS, it is customary to specify cipher suite values
> under the EncryptionAlgorithm element.
> These values include:
> SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, TLS_RSA_WITH_3DES_EDE_CBC_SHA,
> SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5,
> SSL_RSA_WITH_RC4_128_SHA,
> SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, and
> so on. Consult the original specifications for enumerations
> and discussions of these values.

That's what I had in mind, thanks.

--Pete
Pete Wenzel <pete@seebeyond.com>
SeeBeyond
Standards & Product Strategy
+1-626-471-6092 (US-Pacific)