W3C home > Mailing lists > Public > www-xkms@w3.org > November 2002

TLS profiling...

From: Stephen Farrell <stephen.farrell@baltimore.ie>
Date: Thu, 14 Nov 2002 14:22:08 +0000
Message-ID: <3DD3B190.8702B761@baltimore.ie>
To: www-xkms@w3.org


Fulfilling an action from last week's phone call:

"When TLS is to be used in XKMS, XKMS responders MUST support
server authenticated TLS. Note that this means that an XKMS
client need only support anonymous TLS, since to require
otherwise would mean that all XKMS clients would have to be 
able to store root certificates for TLS usage.

All XKMS clients and responders which support TLS MUST 
support the TLS_RSA_WITH_3DES-EDE_CBC_SHA ciphersuite.
Other ciphersuites MAY be supported, but "export" grade
ciphersuites are NOT RECOMMENDED to be supported."

This probably needs to go into the base spec (?).

Note that it doesn't say when TLS usage is required (if 
ever), just what kind of TLS profile a client or server
have to include.

Stephen.

-- 
____________________________________________________________
Stephen Farrell         				   
Baltimore Technologies,   tel: (direct line) +353 1 881 6716
39 Parkgate Street,                     fax: +353 1 881 7000
Dublin 8.                mailto:stephen.farrell@baltimore.ie
Ireland                             http://www.baltimore.com
Received on Thursday, 14 November 2002 09:38:45 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 27 October 2009 08:39:18 GMT