Open issue on BSP10 secure channel (Re: [ogsa-wg] Teleconference minutes - 12 September 2005)
Takuya Mori
moritaku at bx.jp.nec.com
Thu Sep 15 09:25:09 CDT 2005
Hi All,
I am sending this message to get more opinions on the issue
about requiring the implementations to support both TLS and MLS.
Hopefully, I'd like to form a consensus on it before reviewing
the BSP on the next monday call.
> - R0301,0302: mandates that the RECEIVER support both TLS and MLS;
> and SENDER can use either.
> - Hiro thinks that this sets too high a bar on implementations and
> should be relaxed for the RECEIVER also.
> - Takuya thinks that the secure channel profile sets a high bar
> anyway so this additional requirement is acceptable and is
> needed to promote interoperability.
> - No consensus reached.
> - Takuya will put the issue to the list to get more opinions.
Here is the statement.
----
R0301 A RECEIVER MUST support both Transport Layer Security and
Message Level Security as profiled in the section 3.2 and
3.3 of this Profile.
R0302 A SENDER MUST employ, at least, one of Transport Layer
Security or Message Level Security as profiled in the
section 3.2 and 3.3 of this Profile.
----
The current draft of the OGSA BSP10 Secure Channel mandates a
RECEIVER to "support" both TLS and MLS, while it requires to
use at least one of them for a SENDER.
My intention here is that to require the support of the both
of TLS and MLS by a RECEIVER is essential to ensure
interoperability, because supporting one of them by a RECEIVER
allows mismatch of the protocol between a RECEIVER and SENDER.
On the otherhand, as described in the minutes above by Andreas,
Hiro thinks that this sets too high a bar on implementations and
should be relaxed for the RECEIVER also.
I can also understand his opinion. And I think the cause of
the contrary is that we have different priorities between
interoperability and practicability.
Any comments to this issue will be welcomed very much!
Just telling us your preference will also be great.
Thanks,
Takuya
More information about the ogsa-wg
mailing list