
ebxml-cppa message



Subject: Re: Security - coordination with MSH issues



Chris,

Here is what RFC 2246 has to say about the relationship to SSL 3.0.  This
is from the "goals of this document" section.

     The differences
      between this protocol and SSL 3.0 are not dramatic, but they are
      significant enough that TLS 1.0 and SSL 3.0 do not interoperate
      (although TLS 1.0 does incorporate a mechanism by which a TLS
      implementation can back down to SSL 3.0).

To me this suggests that there MIGHT be differences in how SSL 3.0 and TLS
1.0 properties would be expressed in the CPP and CPA.  In addition, any new
function in TLS, such as Kerberos, would probably have to be expressed in
the CPP/CPA only for use with TLS (and not SSL).

Regards,
Marty
*************************************************************************************

Martin W. Sachs
IBM T. J. Watson Research Center
P. O. B. 704
Yorktown Hts, NY 10598
914-784-7287;  IBM tie line 863-7287
Notes address:  Martin W Sachs/Watson/IBM
Internet address:  mwsachs @ us.ibm.com
*************************************************************************************



christopher ferris <chris.ferris@east.sun.com>@Sun.COM on 08/29/2001
02:43:40 PM

Sent by:  Chris.Ferris@Sun.COM


To:   Martin W Sachs/Watson/IBM@IBMUS
cc:   "Collier, Timothy R" <timothy.r.collier@intel.com>,
      "'ebxml-cppa@lists.oasis-open.org'" <ebxml-cppa@lists.oasis-open.org>
Subject:  Re: Security - coordination with MSH issues



Marty,

Given that TLS is effectively derived from SSLv3, what
specific differences had you in mind? TLS adds support
for Kerberos and a few other bits, but it is largely the same,
is it not?

Cheers,

Chris

Martin W Sachs wrote:
>
> Tim,
>
> This is a good list.  I do have a few comments:
>
> TLS 1.0 has the status of PROPOSED STANDARD.  I think it's time that CPA
> and MSG explicitly support TLS 1.0 as an alternative to SSL 3.0 (probably
> in V2.0).  That would mean providing the necessary elements and attributes
> to support it properly.  Since it is not directly interoperable with SSL
> 3.0, the element structure might be different from the element structure
> for SSL 3.0. We would also have to think about whether the SSL
> interoperability option in TLS would need its own support in the CPA or
> could be implied by the use of the SSL elements.
>
> The following are probably needed but don't seem to have security
> implications except that some might figure in any new packaging definition:
>
> 1.3  Support for large messages using HTTP Compress function
> 1.4  Provide Multicast support
> 2.6 Transport Compression (is this the same as 1.3?)
>
> Regards,
> Marty
>
>
> *************************************************************************************
>
> Martin W. Sachs
> IBM T. J. Watson Research Center
> P. O. B. 704
> Yorktown Hts, NY 10598
> 914-784-7287;  IBM tie line 863-7287
> Notes address:  Martin W Sachs/Watson/IBM
> Internet address:  mwsachs @ us.ibm.com
>
> *************************************************************************************
>
> "Collier, Timothy R" <timothy.r.collier@intel.com> on 08/27/2001 07:07:06
> PM
>
> To:   "'ebxml-cppa@lists.oasis-open.org'" <ebxml-cppa@lists.oasis-open.org>
> cc:
> Subject:  Security - coordination with MSH issues
>
> All,
>
>      I have started a listing of the security specific issues that seem
> to need further discussion with the MSH team.  The issues from the MSH
> perspective are from their latest issues list (thanks Marty), and our
> issues are currently just headers that are there to reflect my assumptions
> on what needs MSH co-discussion.  Please add to the list and when we get
> close to the Oct F2F, and it is filled in, I would like to send it to the
> MSH team.
>      One of the biggest things, I think, is to make sure that what gets
> worked on in V1.1 in both MSH and CPPA is consistent.  It would be bad if
> one adds something that is not supported by the other.
>
>      Tim
>
>  <<Security MSH+CPPA.ZIP>>
>
> ----------------------------------------------------------------
> To subscribe or unsubscribe from this elist use the subscription
> manager: <http://lists.oasis-open.org/ob/adm.pl>
