[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Re: [ebxml-cppa] UPDATED: EncryptionAlgorithm elementunderTransportSecurityProtocol
I think that it needs to deal with both. Cheers, Chris Martin W Sachs wrote: > While we are on the subject, isn't time that the spec talks about TLS, > rather than SSL? After all, TLS is the public standard while SSL is a > proprietary protocol. Currently, the only place TLS is mentioned is in the > [SSL] reference and all that is there is a 2-year-old statement left over > from tpaML saying that IETF is working on "Transport Layer Security". As I > understand it, to a first approximation, the change is only to substitute > the name "TLS" for "SSL" along with a non-normative discussion of the > extent to which an implementation can use SSL although the CPA say "TLS". > > Regards, > Marty > > ************************************************************************************* > > Martin W. Sachs > IBM T. J. Watson Research Center > P. O. B. 704 > Yorktown Hts, NY 10598 > 914-784-7287; IBM tie line 863-7287 > Notes address: Martin W Sachs/Watson/IBM > Internet address: mwsachs @ us.ibm.com > ************************************************************************************* > > > > Dale Moberg > <dmoberg@cycloneco To: Arvola Chan <arvola@tibco.com>, "Cppa (E-mail)" > mmerce.com> <ebxml-cppa@lists.oasis-open.org> > cc: "Tony Weida (E-mail)" <rweida@hotmail.com> > 03/29/2002 03:23 Subject: RE: [ebxml-cppa] UPDATED: EncryptionAlgorithm element > PM underTransportSecurityProtocol > > > > > > > I thought we were adding EncryptionAlgorithm under > TransportSecurityProtocol, because it pertains to information > about the TransportSecurityProtocol. But I suppose it can go > as a sub-element of the TransportClientSecurity and > TransportServerSecurity. Is there some reason why > one place would be better than the other? > > Dale > > -----Original Message----- > From: Arvola Chan [mailto:arvola@tibco.com] > Sent: Friday, March 29, 2002 11:59 AM > To: Dale Moberg; Cppa (E-mail) > Cc: Tony Weida (E-mail) > Subject: RE: [ebxml-cppa] UPDATED: EncryptionAlgorithm element > underTransportSecurityProtocol > > > Dale: > > Your suggested language for section 8.4.28 is slightly incorrect. > > The TransportSecurityProtocol element does not have sub-elements. > EncryptionAlgorithm is a sub-element of the TransportClientSecurity and > TransportServerSecurity elements. (TransportSecurityProtocol and > EncryptionAlgorithm are siblings.) > > Excerpt from schema: > > ========================================================== > > <element name="TransportClientSecurity"> > <complexType> > <sequence> > <element name="TransportSecurityProtocol" > type="tns:protocol.type"/> > <element name="ClientCertificateRef" > type="tns:CertificateRef.type" > minOccurs="0"/> > <element name="ServerSecurityDetailsRef" > type="tns:SecurityDetailsRef.type" minOccurs="0"/> > <element ref="tns:EncryptionAlgorithm" minOccurs="0" > maxOccurs="unbounded"/> > </sequence> > </complexType> > </element> > > <element name="TransportServerSecurity"> > <complexType> > <sequence> > <element name="TransportSecurityProtocol" > type="tns:protocol.type"/> > <element name="ServerCertificateRef" > type="tns:CertificateRef.type"/> > <element name="ClientSecurityDetailsRef" > type="tns:SecurityDetailsRef.type" minOccurs="0"/> > <element ref="tns:EncryptionAlgorithm" minOccurs="0" > maxOccurs="unbounded"/> > </sequence> > </complexType> > </element> > > ================================================================ > > The EncryptionAlgorithm element is defined as follows: > > <element name="EncryptionAlgorithm"> > <complexType> > <simpleContent> > <extension base="tns:non-empty-string"> > <attribute name="minimumStrength" type="integer"/> > <attribute name="oid" type="tns:non-empty-string"/> > <attribute name="w3c" type="tns:non-empty-string"/> > <attribute name="enumerationType" > type="tns:non-empty-string"/> > </extension> > </simpleContent> > </complexType> > </element> > > Where would you put potentially multiple cipher suite values under > EncryptionAlgorithm? Will some schema change be necessary? > > -Arvola > > > -----Original Message----- > From: Dale Moberg [mailto:dmoberg@cyclonecommerce.com] > Sent: Friday, March 29, 2002 9:48 AM > To: Cppa (E-mail) > Cc: Tony Weida (E-mail) > Subject: [ebxml-cppa] UPDATED: EncryptionAlgorithm element > underTransportSecurityProtocol > > > > Pete, > > Here is my amended text for the entry about EncryptionAlgorithm > that incorporate sample values for cipher suites. > > ========Background============ > > Issue 155 states, among other things," > > More details are needed in the CPPA > specification regarding SSL 3.0. > > The need to state the encryption algorithm was > specifically called out." > > We do now, of course, have PKI agreements > for either client-side or server-side authentication > represented. > > We do allow preference for a given SSL version to > be stated (presumably either SSL-3 SSL-3.1 TLS 1.0, > since SSL-2 generally deprecated along with SSL-1). > > I do think it is worthwhile being able to announce > a capability, preference and agreement about high strength > encryption. I am uncertain how much anyone will need or > benefit from explicitly mentioning algorithms. > > I have added Pete Wenzel's suggestion to illustrate > the cipher suite values that can be used here. > > > ========suggested language============================== > > 8.4.28 TransportSecurityProtocol element > The TransportSecurityProtocol element identifies the transport > layer security protocol that is supported by the parent Transport. > The IMPLIED version attribute identifies the specific version of the > protocol. > > For encryption, the protocol is SSL (Secure Socket Layer) Version 3.0 > [SSL], which uses public-key encryption. > > 8.4.28.1 EncryptionAlgorithm > > Zero or more EncryptionAlgorithm elements may be included under the > TransportSecurityProtocol element. Multiple elements are > of more use in a CPP context, to announce capability or > preferences; normally, a CPA will contain the agreed upon > context. When zero elements are present in a CPA, whatever outcome > the TransportSecurityProtocol handshake decides, > is what the parties in effect agree upon. > > The elements' ordering will reflect the preference > for algorithms. A primary reason for including this element is to permit > use of the minimumStrength attribute; a large value for this > attribute can indicate that a high encrytion strength > is desired or has been agreed upon for the TransportSecurityProtocol. > > See section 8.4.48 for the full description > of this element. > > For SSL and TLS, it is customary to specify cipher suite values > under the EncryptionAlgorithm element. These values include: > SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, TLS_RSA_WITH_3DES_EDE_CBC_SHA, > SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_RC4_128_MD5, > SSL_RSA_WITH_RC4_128_SHA, > SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, and > so on. Consult the original specifications for enumerations > and discussions of these values. > > ---------------------------------------------------------------- > To subscribe or unsubscribe from this elist use the subscription > manager: <http://lists.oasis-open.org/ob/adm.pl> > > > ---------------------------------------------------------------- > To subscribe or unsubscribe from this elist use the subscription > manager: <http://lists.oasis-open.org/ob/adm.pl> > > > > > > ---------------------------------------------------------------- > To subscribe or unsubscribe from this elist use the subscription > manager: <http://lists.oasis-open.org/ob/adm.pl> >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC