Subject: HTTPS details in TAXII
All,
In Section 2 of the specification we talk about Transport requirements and some of the encryption requirements for implementing TAXII over HTTPS. I have a question / concern about one of the requirements that we have listed. It says:
TAXII Servers and Clients MUST implement TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 [RFC5289] and MUST NOT offer or negotiate (bid down) an encrypted connection with parameters weaker than TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384.
We have heard from a few people that they do not understand what is meant by "weaker than". There is a concern that people that are not super familiar with Crypto will get this wrong. So I am wondering if we can just be silent about this. As such I would like to propose that we just remove that requirement from the specification.
Bret