OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

mqtt message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: [OASIS Issue Tracker] Commented: (MQTT-164) 1.2 Normative References DES - withdrawn standard

    [ http://tools.oasis-open.org/issues/browse/MQTT-164?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=36546#action_36546 ] 

Peter Niblett commented on MQTT-164:
------------------------------------

Already raised in [mqtt-132]

> 1.2 Normative References DES - withdrawn standard
> -------------------------------------------------
>
>                 Key: MQTT-164
>                 URL: http://tools.oasis-open.org/issues/browse/MQTT-164
>             Project: OASIS Message Queuing Telemetry Transport (MQTT) TC
>          Issue Type: Bug
>         Environment: References
>            Reporter: Patrick Durusau
>
> Section 1.2 Normative References reads in part:
> *****
> Data Encryption Standard (DES).
> http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf
> *****
> However, the document referenced now has this cover page:
> *****
> The attached publication,
> FIPS Publication 46-3
> (reaffirmed October 25, 1999),
> was withdrawn on May 19, 2005 and is provided here only
> for historical purposes.
> *****
> The purpose of a normative reference is to cite additional standards to which a conforming application must conform in order to conform to the citing specification. 
> In this case the citing of DES implies that conformance to MQTT may require conformance to a withdrawn specification. 
> Withdrawn specifications are allowable for non-normative references but should not be used as normative references. 
> Section 5.2 Lightweight cryptography and constrained devices cites DES saying:
> *****
> Advanced Encryption Standard [AES] and Data Encryption Standard [DES] are widely adopted.
> *****
> I take that to be a non-normative statement, simply an observation and not a requirement for conformance to DES.
> I would move DES into the Non-normative reference section since it isn't required for conformance to MQTT.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://tools.oasis-open.org/issues/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]