Re: [Bug 4836] RFC4346 obsoletes RFC2246 from Mark Little on 2007-07-08 (public-ws-policy@w3.org from July 2007)

From: Mark Little <mark.little@jboss.com>
Date: Sun, 8 Jul 2007 11:42:39 +0100
To: Paul Cotton <Paul.Cotton@microsoft.com>
Cc: Philippe Le Hegaret <plh@w3.org>, public-ws-policy <public-ws-policy@w3.org>
Message-Id: <4CB73737-BE1F-4536-AC4E-2904748BBE6B@jboss.com>

+1


On 6 Jul 2007, at 03:06, Paul Cotton wrote:

>
> Personally, I would be reluctant to override the current advice on  
> SSL/TLS contained in the WS-I Basic Security Profile 1.0 [1].  It  
> recommends the use of TLS 1.0 for Web services.
>
> /paulc
>
> [1] http://www.ws-i.org/Profiles/BasicSecurityProfile-1.0.html
>
> Paul Cotton, Microsoft Canada
> 17 Eleanor Drive, Ottawa, Ontario K2E 6A3
> Tel: (613) 225-5445 Fax: (425) 936-7329
> mailto:Paul.Cotton@microsoft.com
>
>
>
>
>
>> -----Original Message-----
>> From: public-ws-policy-request@w3.org [mailto:public-ws-policy-
>> request@w3.org] On Behalf Of Philippe Le Hegaret
>> Sent: July 5, 2007 5:28 PM
>> To: public-ws-policy
>> Subject: [Bug 4836] RFC4346 obsoletes RFC2246
>>
>>
>> http://www.w3.org/Bugs/Public/show_bug.cgi?id=4836
>>
>> I noticed that RFC4346 (TLS 1.1) obsoletes RFC2246 (TLS 1.0) and,  
>> since
>> both the framework and attachment specifications are referencing RFC
>> 2246, i wonder if the Group considered using RFC 4346.
>>
>> It's not clear to me how TLS 1.1 is deployed. The RFC was  
>> published in
>> April 2006. There is a ongoing work on TLS 1.2 [1]. I didn't find
>> evidences that Java or .Net supports 1.1.
>>
>> Digging around, I found a discussion on this subject at [2], which  
>> seems
>> to indicate that this is still an open question.
>>
>> The WS-Policy specifications only mentions "such as [...], SSL/TLS  
>> [IETF
>> RFC 2246],".
>>
>> My proposal is to either:
>> 1. leave the specification as is, since it's only mentioned as a
>> possibility and isn't a normative reference.
>> 2. change the reference from "2246" to "2246 or its successors".
>>
>> If the Group comes up with a third solution, I'll probably be  
>> happy as
>> well.
>>
>> Philippe
>>
>> [1] http://www.ietf.org/html.charters/tls-charter.html
>> [2] http://osdir.com/ml/ietf.apps-discuss/2007-01/msg00040.html
>>
>
>

----

Mark Little
mark.little@jboss.com

JBoss, a Division of Red Hat
Registered Address: Red Hat UK Ltd, Amberley Place, 107-111 Peascod  
Street, Windsor, Berkshire,
SI4 1TE, United Kingdom.
Registered in UK and Wales under Company Registration No. 3798903
Directors: Michael Cunningham (USA), Charlie Peters (USA) and David  
Owens (Ireland)

Received on Monday, 9 July 2007 06:59:52 UTC