[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Re: Security - coordination with MSH issues
Marty, Given that TLS is effectively derived from SSLv3, what specific differences had you in mind? TLS adds support for Kerberos and a few other bits, but it is largely the same is it not? Cheers, Chris Martin W Sachs wrote: > > Tim, > > This is a good list. I do have a few comments: > > TLS 1.0 has the status of PROPOSED STANDARD. I think it's time that CPA > and MSG explicitly support TLS 1.0 as an alternative to SSL 3.0 (probably > in V2.0). That would mean providing the necessary elements and attributes > to support it properly. Since it is not directly interoperably with SSL > 3.0, the element structure might be different from the element structure > for SSL 3.0. We would also have to think about whether the SSL > interoperability option in TLS would need its own supprt in the CPA or > could be implied by the use of the SSL elements. > > The following are probably needed but don't seem to have security > implications except that some might figure in any new packaging definition: > > 1.3 Support for large messages using HTTP Compress function > 1.4 Provide Multicast support > 2.6 Transport Compression (is this the same as 1.3?) > > Regards, > Marty > > ************************************************************************************* > > Martin W. Sachs > IBM T. J. Watson Research Center > P. O. B. 704 > Yorktown Hts, NY 10598 > 914-784-7287; IBM tie line 863-7287 > Notes address: Martin W Sachs/Watson/IBM > Internet address: mwsachs @ us.ibm.com > ************************************************************************************* > > "Collier, Timothy R" <timothy.r.collier@intel.com> on 08/27/2001 07:07:06 > PM > > To: "'ebxml-cppa@lists.oasis-open.org'" <ebxml-cppa@lists.oasis-open.org> > cc: > Subject: Security - coordination with MSH issues > > All, > > I have started a listing of the security specific issues that seem > to need further discussion with the MSH team. The issues from the MSH > perspective are from their latest issues list (thanks Marty), and our > issues > are currently just headers that are there to reflect my assumptions on what > needs MSH co-discussion. Please add to the list and when we get close to > the Oct F2F, and it is filled in, I would like to send it to the MSH team. > One of the biggest things, I think, is to make sure that what gets > worked on in V1.1 in both MSH and CPPA is consistent. It would be bad if > one adds something that is not supported by the other. > > Tim > > <<Security MSH+CPPA.ZIP>> > > ---------------------------------------------------------------- > To subscribe or unsubscribe from this elist use the subscription > manager: <http://lists.oasis-open.org/ob/adm.pl>
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC