- From: Paul Cotton <Paul.Cotton@microsoft.com>
- Date: Thu, 5 Jul 2007 19:06:22 -0700
- To: Philippe Le Hegaret <plh@w3.org>, public-ws-policy <public-ws-policy@w3.org>
Personally, I would be reluctant to override the current advice on SSL/TLS contained in the WS-I Basic Security Profile 1.0 [1]. It recommends the use of TLS 1.0 for Web services. /paulc [1] http://www.ws-i.org/Profiles/BasicSecurityProfile-1.0.html Paul Cotton, Microsoft Canada 17 Eleanor Drive, Ottawa, Ontario K2E 6A3 Tel: (613) 225-5445 Fax: (425) 936-7329 mailto:Paul.Cotton@microsoft.com > -----Original Message----- > From: public-ws-policy-request@w3.org [mailto:public-ws-policy- > request@w3.org] On Behalf Of Philippe Le Hegaret > Sent: July 5, 2007 5:28 PM > To: public-ws-policy > Subject: [Bug 4836] RFC4346 obsoletes RFC2246 > > > http://www.w3.org/Bugs/Public/show_bug.cgi?id=4836 > > I noticed that RFC4346 (TLS 1.1) obsoletes RFC2246 (TLS 1.0) and, since > both the framework and attachment specifications are referencing RFC > 2246, i wonder if the Group considered using RFC 4346. > > It's not clear to me how TLS 1.1 is deployed. The RFC was published in > April 2006. There is a ongoing work on TLS 1.2 [1]. I didn't find > evidences that Java or .Net supports 1.1. > > Digging around, I found a discussion on this subject at [2], which seems > to indicate that this is still an open question. > > The WS-Policy specifications only mentions "such as [...], SSL/TLS [IETF > RFC 2246],". > > My proposal is to either: > 1. leave the specification as is, since it's only mentioned as a > possibility and isn't a normative reference. > 2. change the reference from "2246" to "2246 or its successors". > > If the Group comes up with a third solution, I'll probably be happy as > well. > > Philippe > > [1] http://www.ietf.org/html.charters/tls-charter.html > [2] http://osdir.com/ml/ietf.apps-discuss/2007-01/msg00040.html >
Received on Friday, 6 July 2007 02:06:39 UTC