OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [security-services] Fwd: SAML Conformance SSL/TLS requirements



>> 1)  The terms "FIPS TLS-Capable" and "TLS-Capable" are not defined.
What does this mean, precisely.

It means that if you have a FIPS implementation you can use the FIPS
ciphersuites, otherwise use the corresponding TLS ciphersuites.

The wording in the specification was an attempt to say you can use TLS
(non-FIPS) ciphersuites or the FIPS equivalents. 

Didn't want to rule out FIPS implementations from conforming.

Perhaps a footnote is required in the compliance document stating this? 

regards, Frederick

Frederick Hirsch
Nokia

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]