- From: Mark Little <mark.little@jboss.com>
- Date: Sun, 8 Jul 2007 11:42:39 +0100
- To: Paul Cotton <Paul.Cotton@microsoft.com>
- Cc: Philippe Le Hegaret <plh@w3.org>, public-ws-policy <public-ws-policy@w3.org>
- Message-Id: <4CB73737-BE1F-4536-AC4E-2904748BBE6B@jboss.com>
+1 On 6 Jul 2007, at 03:06, Paul Cotton wrote: > > Personally, I would be reluctant to override the current advice on > SSL/TLS contained in the WS-I Basic Security Profile 1.0 [1]. It > recommends the use of TLS 1.0 for Web services. > > /paulc > > [1] http://www.ws-i.org/Profiles/BasicSecurityProfile-1.0.html > > Paul Cotton, Microsoft Canada > 17 Eleanor Drive, Ottawa, Ontario K2E 6A3 > Tel: (613) 225-5445 Fax: (425) 936-7329 > mailto:Paul.Cotton@microsoft.com > > > > > >> -----Original Message----- >> From: public-ws-policy-request@w3.org [mailto:public-ws-policy- >> request@w3.org] On Behalf Of Philippe Le Hegaret >> Sent: July 5, 2007 5:28 PM >> To: public-ws-policy >> Subject: [Bug 4836] RFC4346 obsoletes RFC2246 >> >> >> http://www.w3.org/Bugs/Public/show_bug.cgi?id=4836 >> >> I noticed that RFC4346 (TLS 1.1) obsoletes RFC2246 (TLS 1.0) and, >> since >> both the framework and attachment specifications are referencing RFC >> 2246, i wonder if the Group considered using RFC 4346. >> >> It's not clear to me how TLS 1.1 is deployed. The RFC was >> published in >> April 2006. There is a ongoing work on TLS 1.2 [1]. I didn't find >> evidences that Java or .Net supports 1.1. >> >> Digging around, I found a discussion on this subject at [2], which >> seems >> to indicate that this is still an open question. >> >> The WS-Policy specifications only mentions "such as [...], SSL/TLS >> [IETF >> RFC 2246],". >> >> My proposal is to either: >> 1. leave the specification as is, since it's only mentioned as a >> possibility and isn't a normative reference. >> 2. change the reference from "2246" to "2246 or its successors". >> >> If the Group comes up with a third solution, I'll probably be >> happy as >> well. >> >> Philippe >> >> [1] http://www.ietf.org/html.charters/tls-charter.html >> [2] http://osdir.com/ml/ietf.apps-discuss/2007-01/msg00040.html >> > > ---- Mark Little mark.little@jboss.com JBoss, a Division of Red Hat Registered Address: Red Hat UK Ltd, Amberley Place, 107-111 Peascod Street, Windsor, Berkshire, SI4 1TE, United Kingdom. Registered in UK and Wales under Company Registration No. 3798903 Directors: Michael Cunningham (USA), Charlie Peters (USA) and David Owens (Ireland)
Received on Monday, 9 July 2007 06:59:52 UTC