Open issue on BSP10 secure channel (Re: [ogsa-wg] Teleconference minutes - 12 September 2005)

Takuya Mori moritaku at bx.jp.nec.com
Thu Sep 15 09:25:09 CDT 2005 

Hi All,

I am sending this message to get more opinions on the issue 
about requiring the implementations to support both TLS and MLS.

Hopefully, I'd like to form a consensus on it before reviewing 
the BSP on the next monday call.

>   - R0301,0302: mandates that the RECEIVER support both TLS and MLS;
>     and SENDER can use either.
>     - Hiro thinks that this sets too high a bar on implementations and
>       should be relaxed for the RECEIVER also.
>     - Takuya thinks that the secure channel profile sets a high bar
>       anyway so this additional requirement is acceptable and is
>       needed to promote interoperability.
>     - No consensus reached.
>     - Takuya will put the issue to the list to get more opinions.

Here is the statement.

----
R0301 A RECEIVER MUST support both Transport Layer Security and 
      Message Level Security as profiled in the section 3.2 and 
      3.3 of this Profile.

R0302 A SENDER MUST employ, at least, one of Transport Layer 
      Security or Message Level Security as profiled in the 
      section 3.2 and 3.3 of this Profile.
----

The current draft of the OGSA BSP10 Secure Channel mandates a 
RECEIVER to "support" both TLS and MLS, while it requires to
use at least one of them for a SENDER.

My intention here is that to require the support of the both
of TLS and MLS by a RECEIVER is essential to ensure 
interoperability,  because supporting one of them by a RECEIVER
allows mismatch of the protocol between a RECEIVER and SENDER.

On the otherhand, as described in the minutes above by Andreas,
Hiro thinks that this sets too high a bar on implementations and
should be relaxed for the RECEIVER also.

I can also understand his opinion.  And I think the cause of
the contrary is that we have different priorities between
interoperability and practicability.

Any comments to this issue will be welcomed very much!
Just telling us your preference will also be great.

Thanks,
Takuya

More information about the ogsa-wg mailing list