OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

ebxml-cppa message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: Re: Security - coordination with MSH issues


This is a good list.  I do have a few comments:

TLS 1.0 has the status of PROPOSED STANDARD.  I think it's time that CPA
and MSG explicitly support TLS 1.0 as an alternative to SSL 3.0 (probably
in V2.0).  That would mean providing the necessary elements and attributes
to support it properly.  Since it is not directly interoperably with SSL
3.0, the element structure might be different from the element structure
for SSL 3.0. We would also have to think about whether the SSL
interoperability option in TLS would need its own supprt in the CPA or
could be implied by the use of the SSL elements.

The following are probably needed but don't seem to have security
implications except that some might figure in any new packaging definition:

1.3  Support for large messages using HTTP Compress function
1.4  Provide Multicast support
2.6 Transport Compression (is this the same as 1.3?)



Martin W. Sachs
IBM T. J. Watson Research Center
P. O. B. 704
Yorktown Hts, NY 10598
914-784-7287;  IBM tie line 863-7287
Notes address:  Martin W Sachs/Watson/IBM
Internet address:  mwsachs @ us.ibm.com

"Collier, Timothy R" <timothy.r.collier@intel.com> on 08/27/2001 07:07:06

To:   "'ebxml-cppa@lists.oasis-open.org'" <ebxml-cppa@lists.oasis-open.org>
Subject:  Security - coordination with MSH issues


     I have started a listing of the security specific issues that seem
to need further discussion with the MSH team.  The issues from the MSH
perspective are from their latest issues list (thanks Marty), and our
are currently just headers that are there to reflect my assumptions on what
needs MSH co-discussion.  Please add to the list and when we get close to
the Oct F2F, and it is filled in, I would like to send it to the MSH team.
     One of the biggest things, I think, is to make sure that what gets
worked on in V1.1 in both MSH and CPPA is consistent.  It would be bad if
one adds something that is not supported by the other.


 <<Security MSH+CPPA.ZIP>>

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC