- From: Stephen Farrell <stephen.farrell@baltimore.ie>
- Date: Thu, 14 Nov 2002 14:22:08 +0000
- To: www-xkms@w3.org
Fulfilling an action from last week's phone call: "When TLS is to be used in XKMS, XKMS responders MUST support server authenticated TLS. Note that this means that an XKMS client need only support anonymous TLS, since to require otherwise would mean that all XKMS clients would have to be able to store root certificates for TLS usage. All XKMS clients and responders which support TLS MUST support the TLS_RSA_WITH_3DES-EDE_CBC_SHA ciphersuite. Other ciphersuites MAY be supported, but "export" grade ciphersuites are NOT RECOMMENDED to be supported." This probably needs to go into the base spec (?). Note that it doesn't say when TLS usage is required (if ever), just what kind of TLS profile a client or server have to include. Stephen. -- ____________________________________________________________ Stephen Farrell Baltimore Technologies, tel: (direct line) +353 1 881 6716 39 Parkgate Street, fax: +353 1 881 7000 Dublin 8. mailto:stephen.farrell@baltimore.ie Ireland http://www.baltimore.com
Received on Thursday, 14 November 2002 09:38:45 UTC