[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Re: Security - coordination with MSH issues
Tim, This is a good list. I do have a few comments: TLS 1.0 has the status of PROPOSED STANDARD. I think it's time that CPA and MSG explicitly support TLS 1.0 as an alternative to SSL 3.0 (probably in V2.0). That would mean providing the necessary elements and attributes to support it properly. Since it is not directly interoperably with SSL 3.0, the element structure might be different from the element structure for SSL 3.0. We would also have to think about whether the SSL interoperability option in TLS would need its own supprt in the CPA or could be implied by the use of the SSL elements. The following are probably needed but don't seem to have security implications except that some might figure in any new packaging definition: 1.3 Support for large messages using HTTP Compress function 1.4 Provide Multicast support 2.6 Transport Compression (is this the same as 1.3?) Regards, Marty ************************************************************************************* Martin W. Sachs IBM T. J. Watson Research Center P. O. B. 704 Yorktown Hts, NY 10598 914-784-7287; IBM tie line 863-7287 Notes address: Martin W Sachs/Watson/IBM Internet address: mwsachs @ us.ibm.com ************************************************************************************* "Collier, Timothy R" <timothy.r.collier@intel.com> on 08/27/2001 07:07:06 PM To: "'ebxml-cppa@lists.oasis-open.org'" <ebxml-cppa@lists.oasis-open.org> cc: Subject: Security - coordination with MSH issues All, I have started a listing of the security specific issues that seem to need further discussion with the MSH team. The issues from the MSH perspective are from their latest issues list (thanks Marty), and our issues are currently just headers that are there to reflect my assumptions on what needs MSH co-discussion. Please add to the list and when we get close to the Oct F2F, and it is filled in, I would like to send it to the MSH team. One of the biggest things, I think, is to make sure that what gets worked on in V1.1 in both MSH and CPPA is consistent. It would be bad if one adds something that is not supported by the other. Tim <<Security MSH+CPPA.ZIP>>
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC