OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

ebxml-cppa message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: Re: Security - coordination with MSH issues


Given that TLS is effectively derived from SSLv3, what
specific differences had you in mind? TLS adds support
for Kerberos and a few other bits, but it is largely the same
is it not?



Martin W Sachs wrote:
> Tim,
> This is a good list.  I do have a few comments:
> TLS 1.0 has the status of PROPOSED STANDARD.  I think it's time that CPA
> and MSG explicitly support TLS 1.0 as an alternative to SSL 3.0 (probably
> in V2.0).  That would mean providing the necessary elements and attributes
> to support it properly.  Since it is not directly interoperably with SSL
> 3.0, the element structure might be different from the element structure
> for SSL 3.0. We would also have to think about whether the SSL
> interoperability option in TLS would need its own supprt in the CPA or
> could be implied by the use of the SSL elements.
> The following are probably needed but don't seem to have security
> implications except that some might figure in any new packaging definition:
> 1.3  Support for large messages using HTTP Compress function
> 1.4  Provide Multicast support
> 2.6 Transport Compression (is this the same as 1.3?)
> Regards,
> Marty
> *************************************************************************************
> Martin W. Sachs
> IBM T. J. Watson Research Center
> P. O. B. 704
> Yorktown Hts, NY 10598
> 914-784-7287;  IBM tie line 863-7287
> Notes address:  Martin W Sachs/Watson/IBM
> Internet address:  mwsachs @ us.ibm.com
> *************************************************************************************
> "Collier, Timothy R" <timothy.r.collier@intel.com> on 08/27/2001 07:07:06
> PM
> To:   "'ebxml-cppa@lists.oasis-open.org'" <ebxml-cppa@lists.oasis-open.org>
> cc:
> Subject:  Security - coordination with MSH issues
> All,
>      I have started a listing of the security specific issues that seem
> to need further discussion with the MSH team.  The issues from the MSH
> perspective are from their latest issues list (thanks Marty), and our
> issues
> are currently just headers that are there to reflect my assumptions on what
> needs MSH co-discussion.  Please add to the list and when we get close to
> the Oct F2F, and it is filled in, I would like to send it to the MSH team.
>      One of the biggest things, I think, is to make sure that what gets
> worked on in V1.1 in both MSH and CPPA is consistent.  It would be bad if
> one adds something that is not supported by the other.
>      Tim
>  <<Security MSH+CPPA.ZIP>>
> ----------------------------------------------------------------
> To subscribe or unsubscribe from this elist use the subscription
> manager: <http://lists.oasis-open.org/ob/adm.pl>

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC