- From: Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com>
- Date: Fri, 28 Mar 2008 14:51:07 -0400
- To: public-wsc-wg@w3.org
- Message-ID: <OF4B7D61ED.EE3A8454-ON8525741A.00673240-8525741A.00678E76@LocalDomain>
Another issue coming soon to a meeting near you. Same encouragement to bring up issues in email before hand. Two vast and trunkless legs of stone stand in the desert. http://www.w3.org/2006/WSC/track/issues/128 The ability to provide privacy and secure the connection between a user agent and web server is in part determined by the strength and capabilities of the TLS protocol and underlying cryptographic mechanisms. The TLS protocol is versioned to keep pace with protocol features and cipher suites that are available. Cipher suites are grouped according to algorithms and the key length used by cryptographic functions to provide cipher strength. Because of security concerns with cipher capabilities due to increases in computational power to break or crack cryptographic mechanisms, the TLS protocol is periodically updated by the IETF organization to keep pace with industry requirements. At time of this document creation the latest version of the TLS protocol is noted as IETF RFC 4346 http://www.ietf.org/rfc/rfc4346.txt <http://www.ietf.org/rfc/rfc4346.txt> . This RFC may be superseded at a later date. Since the TLS protocol specification is a moving target, the TLS protocol has functional requirements to allow the client and server to restrict usage of ciphers that are not in agreement with policies that govern the connection. Connection policy rules can include use of cipher key strength, restrictions of cipher algorithms and can further restrict accepted versions of the TLS protocol itself. Server and client policies SHOULD use the latest version of the TLS protocol and establish the TLS connection with the strongest cipher suites available if site or user policies expect secure exchange of data.
Received on Friday, 28 March 2008 18:51:58 UTC