OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

mqtt message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: [OASIS Issue Tracker] Created: (MQTT-104) The Normative and Non-Normative References in WD 15 need some work

The Normative and Non-Normative References in WD 15 need some work
------------------------------------------------------------------

                 Key: MQTT-104
                 URL: http://tools.oasis-open.org/issues/browse/MQTT-104
             Project: OASIS Message Queuing Telemetry Transport (MQTT) TC
          Issue Type: Bug
          Components: core
            Reporter: Peter Niblett


Some errors in Section 1.3  

- It lists  RFC 1700  (Assigned numbers) but this RFC is now obsolete, and so should be deleted.  Also there was no real need to reference it, as it was only being used as a justification for putting 16 bit integers in MSB:LSB order.  

- The TLS protocol reference is incorrect.  It should be [RFC 5246] and the URL should be http://tools.ietf.org/html/rfc5246   (not 6455). Also you could describe it as a Proposed Standard

- The WebSocket reference is incorrect. It should be [RFC 6455].  Also it should say "Proposed Standard" rather than "Proposed Standard STD2".

There are also several places in section 5 which need to point to a normative or non-normative reference in 1.3 or 1.4... I think they are mostly for 1.4

1. Server implementations that offer TLS SHOULD use TCP port 8883 [IANA service name: secure-mqtt]. 
2,3,4.  In addition to technical security issues there may also be geographic (e.g., European SafeHarbour), industry specific (e.g., PCI DSS) and regulatory considerations (e.g., Sarbannes-Oxley).
5,6. Advanced Encryption Standard (AES) and Data Encryption Standard (DES)
7. ISO 29192 
8,9 LDAP or Oauth tokens
10. Server Name Indication extension to TLS (nb the URL given in the text for this is obsolete)
11. Online Certificate Status Protocol (OSCP) 
12.IEEE 802.1AR
13, SOCKSv5
14. SSH
15. NIST Cyber Security Framework
16. NISTIR 7628 Guidelines for Smart Grid Cyber Security
17. Federal Information Processing Standards (FIPS-140-2)
18. PCI-DSS
19. NSA Suite B





-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://tools.oasis-open.org/issues/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]