
cti-taxii message



Subject: HTTPS details in TAXII


All,


In Section 2 of the specification we talk about Transport requirements and some of the encryption requirements for implementing TAXII over HTTPS. I have a question / concern about one of the requirements that we have listed. It says:


TAXII Servers and Clients MUST implement TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 [RFC5289] and MUST NOT offer or negotiate (bid down) an encrypted connection with parameters weaker than TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384.


We have heard from a few people that they do not understand what is meant by "weaker than". There is a concern that people that are not super familiar with Crypto will get this wrong. So I am wondering if we can just be silent about this. As such I would like to propose that we just remove that requirement from the specification.


Bret
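
The ambiguity raised in the message above, as an added example that is not part of the original post or of the TAXII specification: it splits IANA suite names into components and compares each to the baseline suite from the quoted requirement. The comparison axes, the function names and the labels are assumptions of this example; the requirement text defines none of them.

```python
import re

# Suite named in the quoted requirement.
BASELINE = "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"
# Hash in the suite name (HMAC for CBC suites, PRF hash for GCM suites).
DIGEST_BITS = {"SHA": 160, "SHA256": 256, "SHA384": 384}
# Handles only AES-style IANA names: TLS_[KEX_]AUTH_WITH_AES_bits_MODE_HASH.
SUITE_RE = re.compile(
    r"^TLS_(?:(?P<kex>[A-Z]+)_)?(?P<auth>[A-Z]+)_WITH_"
    r"AES_(?P<bits>\d+)_(?P<mode>[A-Z]+)_(?P<hash>SHA\d*)$"
)

def parse_suite(name):
    m = SUITE_RE.match(name)
    if m is None:
        raise ValueError(f"unsupported suite name: {name}")
    kex = m["kex"] or m["auth"]  # TLS_RSA_WITH_...: RSA is also the key exchange
    return {
        "forward_secret": kex in ("ECDHE", "DHE"),
        "key_bits": int(m["bits"]),
        "mode": m["mode"],
        "digest_bits": DIGEST_BITS[m["hash"]],
    }

def compare(name, baseline=BASELINE):
    """Per-axis comparison against the baseline (axes are an assumption)."""
    s, b = parse_suite(name), parse_suite(baseline)
    def rank(x, y):
        return "lower" if x < y else "higher" if x > y else "same"
    result = {k: rank(s[k], b[k])
              for k in ("forward_secret", "key_bits", "digest_bits")}
    # No ordering between modes is assumed: CBC vs GCM is reported, not ranked.
    result["mode"] = "same" if s["mode"] == b["mode"] else "differs"
    return result

def classify(name, baseline=BASELINE):
    seen = set(compare(name, baseline).values()) - {"same"}
    if not seen:
        return "same"
    if seen == {"lower"}:
        return "weaker"
    if seen == {"higher"}:
        return "stronger"
    return "undetermined"  # mixed or unranked axes: the text gives no rule

if __name__ == "__main__":
    for suite in (BASELINE, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
                  "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"):
        print(f"{suite}: {classify(suite)} {compare(suite)}")
```

A suite that differs from the baseline only in its mode comes out as "undetermined", which is the case an implementer cannot settle from the requirement's wording alone.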



