[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [security-services] Conformance requirements - SSL/TLS issues
[FH] The conformance requirements document has a section on SSL/TLS, section 4. Do we really need to specify (through the use of sub-section headings) the TLS algorithm for SOAP and the SSL algorithm for Web SSO? I note that there is no such distinction in the security considerations document, section 4.5.2. Perhaps we should remove these section headings. [\FH] Frederick, I need to check and see why we maintained these distinctions in the first place in SAML 1.1. In any case, this is pretty much at the level of an editorial change and shouldn't be an issue going forward. [FH] We may also want to add the statements regarding the equivalent FIPS algorithms to the SSL conformance section from the security considerations document. [\FH] I have done so in the (forthcoming) conformance draft. [FH] Is it reasonable to also require implementation of TLS_RSA_WITH_RC4_128_SHA? [\FH] I believe this is linked to the first issue mentioned above, let me finish reviewing why we made the specific choices mentioned in the current draft. - prateek
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]