OASIS Mailing List Archives
cti-taxii message



Subject: Re: [cti-taxii] HTTPS


I would advise specifying TLS v1.2 or higher rather than 1.1.

There seems no reason not to go for v1.2.


On 16 December 2015 at 10:24, Jerome Athias <athiasjerome@gmail.com> wrote:
TAXII systems MUST use TLS version 1.1 [RFC4346] or higher for
confidentiality, identification, and authentication, when sending
TAXII messages over HTTPS.  HTTPS is specified in Section 2 of
[RFC2818].

NB: stolen from https://www.rfc-editor.org/rfc/rfc6546.txt

2015-12-15 21:40 GMT+03:00 Jordan, Bret <bret.jordan@bluecoat.com>:
> Please propose some updated verbiage...
>
>
> Thanks,
>
> Bret
>
>
>
> Bret Jordan CISSP
> Director of Security Architecture and Standards | Office of the CTO
> Blue Coat Systems
> PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050
> "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can
> not be unscrambled is an egg."
>
> On Dec 15, 2015, at 11:35, Jerome Athias <athiasjerome@GMAIL.COM> wrote:
>
> Hi,
>
> Thanks for asking.
> Yes I think we should specify/highly recommend TLS
>
> My favorite resource:
> https://www.feistyduck.com/books/bulletproof-ssl-and-tls/
>
> Cheers
>
> On Tuesday, 15 December 2015, Jordan, Bret <bret.jordan@bluecoat.com> wrote:
>>
>> All,
>>
>> Currently in the pre-draft document we have the following verbiage.
>>
>> This specification defines requirements for using HTTPS; this
>> specification does not define requirements for using non-encrypted HTTP. All
>> TAXII compliant communications and interactions in TAXII 2 MUST use HTTPS.
>>
>>
>> Question:
>> Do we need to add anything extra about specific types of HTTPS, TLS
>> version, etc?
>>
>>
>> Thanks,
>>
>> Bret
>>
>>
>>
>> Bret Jordan CISSP
>> Director of Security Architecture and Standards | Office of the CTO
>> Blue Coat Systems
>> PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050
>> "Without cryptography vihv vivc ce xhrnrw, however, the only thing that
>> can not be unscrambled is an egg."
>>
>





--
Adam Cooper
Identity Assurance Programme
Government Digital Service
125 Kingsway, London, WC2B 6NH

Tel: 07973 123 038
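
Added example, not part of the original message or of the TAXII specification: one way a TAXII client could enforce the TLS 1.2 floor suggested in this thread and audit an existing client `ssl.SSLContext` against it. The helper names `taxii_client_context`, `audit_context` and `weak_context` are assumptions made for illustration.

```python
import ssl

# Floor argued for in the reply above: TLS 1.2 or higher.
TAXII_TLS_FLOOR = ssl.TLSVersion.TLSv1_2


def taxii_client_context(cafile=None):
    """Client context for a TAXII HTTPS connection (hypothetical helper)."""
    ctx = ssl.create_default_context(cafile=cafile)  # verifies cert and hostname
    ctx.minimum_version = TAXII_TLS_FLOOR            # refuse TLS 1.1 and older
    return ctx


def audit_context(ctx, floor=TAXII_TLS_FLOOR):
    """Return a list of findings; an empty list means the context meets the floor."""
    findings = []
    # MINIMUM_SUPPORTED is a negative sentinel meaning "whatever the library
    # allows", so it compares below every real version and is flagged too.
    if ctx.minimum_version < floor:
        findings.append(f"minimum_version is {ctx.minimum_version.name}, below {floor.name}")
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("peer certificate is not verified")
    if not ctx.check_hostname:
        findings.append("hostname is not checked against the certificate")
    return findings


def weak_context():
    """Constructed counter-example: no version floor, no authentication."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    ctx.check_hostname = False      # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


if __name__ == "__main__":
    for name, ctx in (("hardened", taxii_client_context()), ("weak", weak_context())):
        print(name, audit_context(ctx) or "OK")
```

The audit applies to client contexts only; a server context leaves `check_hostname` off by design and would need its own checks.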


