OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Conformance requirements - SSL/TLS issues

The conformance requirements document has a section on SSL/TLS, section
4.

Do we really need to specify (through the use of sub-section headings)
the TLS algorithm for SOAP and the SSL algorithm for Web SSO? I note
that there is no such distinction in the security considerations
document, section 4.5.2. Perhaps we should remove these section
headings. 

We may also want to add the statements regarding the equivalent FIPS
algorithms to the SSL conformance section from the security
considerations document. 

Is it reasonable to also require implementation of
TLS_RSA_WITH_RC4_128_SHA?

regards, Frederick

Frederick Hirsch
Nokia

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]