- From: Christopher B Ferris <chrisfer@us.ibm.com>
- Date: Tue, 10 Jul 2007 12:55:16 -0400
- To: Mark Little <mark.little@jboss.com>
- Cc: Paul Cotton <Paul.Cotton@microsoft.com>, Philippe Le Hegaret <plh@w3.org>, public-ws-policy <public-ws-policy@w3.org>, public-ws-policy-request@w3.org
- Message-ID: <OFE2F24DC1.29932B59-ON85257314.005C4447-85257314.005CCAC7@us.ibm.com>
+1 Christopher Ferris STSM, Software Group Standards Strategy email: chrisfer@us.ibm.com blog: http://www.ibm.com/developerworks/blogs/page/chrisferris phone: +1 508 234 2986 public-ws-policy-request@w3.org wrote on 07/08/2007 06:42:39 AM: > +1 > > On 6 Jul 2007, at 03:06, Paul Cotton wrote: > > Personally, I would be reluctant to override the current advice on > SSL/TLS contained in the WS-I Basic Security Profile 1.0 [1]. It > recommends the use of TLS 1.0 for Web services. > > /paulc > > [1] http://www.ws-i.org/Profiles/BasicSecurityProfile-1.0.html > > Paul Cotton, Microsoft Canada > 17 Eleanor Drive, Ottawa, Ontario K2E 6A3 > Tel: (613) 225-5445 Fax: (425) 936-7329 > mailto:Paul.Cotton@microsoft.com > > -----Original Message----- > From: public-ws-policy-request@w3.org [mailto:public-ws-policy- > request@w3.org] On Behalf Of Philippe Le Hegaret > Sent: July 5, 2007 5:28 PM > To: public-ws-policy > Subject: [Bug 4836] RFC4346 obsoletes RFC2246 > > http://www.w3.org/Bugs/Public/show_bug.cgi?id=4836 > > I noticed that RFC4346 (TLS 1.1) obsoletes RFC2246 (TLS 1.0) and, since > both the framework and attachment specifications are referencing RFC > 2246, i wonder if the Group considered using RFC 4346. > > It's not clear to me how TLS 1.1 is deployed. The RFC was published in > April 2006. There is a ongoing work on TLS 1.2 [1]. I didn't find > evidences that Java or .Net supports 1.1. > > Digging around, I found a discussion on this subject at [2], which seems > to indicate that this is still an open question. > > The WS-Policy specifications only mentions "such as [...], SSL/TLS [IETF > RFC 2246],". > > My proposal is to either: > 1. leave the specification as is, since it's only mentioned as a > possibility and isn't a normative reference. > 2. change the reference from "2246" to "2246 or its successors". > > If the Group comes up with a third solution, I'll probably be happy as > well. > > Philippe > > [1] http://www.ietf.org/html.charters/tls-charter.html > [2] http://osdir.com/ml/ietf.apps-discuss/2007-01/msg00040.html > > ---- > > Mark Little > mark.little@jboss.com > > JBoss, a Division of Red Hat > Registered Address: Red Hat UK Ltd, Amberley Place, 107-111 Peascod > Street, Windsor, Berkshire, > SI4 1TE, United Kingdom. > Registered in UK and Wales under Company Registration No. 3798903 > Directors: Michael Cunningham (USA), Charlie Peters (USA) and David > Owens (Ireland)
Received on Tuesday, 10 July 2007 16:55:31 UTC