- From: Hallam-Baker, Phillip <pbaker@verisign.com>
- Date: Wed, 4 Dec 2002 08:02:34 -0800
- To: "Www-Xkms (E-mail)" <www-xkms@w3.org>
- Message-ID: <CE541259607DE94CA2A23816FB49F4A34D61BC@vhqpostal6.verisign.com>
77 Made a minor wording change to make it clear that export grade = crap crypto

"All XKMS clients and responders which support TLS MUST support the TLS_RSA_WITH_3DES-EDE_CBC_SHA ciphersuite. Other ciphersuites MAY be supported, but weak ciphersuites intended to meet export restrictions ("export grade") are NOT RECOMMENDED to be supported."

54 Done (by Shivram). Incidentally, deleted the class="warning" markers.

47, 98, Will do tomorrow I hope

25 My to do list

78 done

An XKMS service may require protection against a Denial of Service attack by means of protocol measures. Such measures may not be required in circumstances where an XKMS service is protected against Denial of Service by other means such as the service is managed on an isolated, tightly controlled network and does not provide service outside that network.

Denial of service attacks that originate from a single identified source or set of sources may be addressed by applying velocity controls. In cases where the source of the denial of service is disguised, lightweight authentication techniques such as the two-phase protocol described below may be used to detect requests from forged addresses.

I also moved the nonce construction stuff to a different section, should probably go in an appendix since it is non normative.

79 Open - pending completion of the list discussion.

Received on Wednesday, 4 December 2002 11:02:37 UTC