[ogsa-wg] secure channel profile explanatory ciphersuite statements

David Snelling David.Snelling at UK.Fujitsu.com
Wed Oct 4 04:15:53 CDT 2006


Andreas,

I believe we should include some normative statements about cypher
suites. I would suggest we pick one or possibly two that are pretty
universal and say they MUST be supported by the server side. Clients
SHOULD use these, and both MAY use others, including ones not yet on
the list.

Thoughts?

On 4 Oct 2006, at 03:18, Andreas Savva wrote:

>
> The Security Profile - Secure Channel (Sep 28 draft) has a set of
> statements, which elaborate on the compliance statements, along the
> lines of "Ciphersuites listed in Table 3 in TLS-Guideline [TLS
> Guidelines] meet criteria of R0XXX." We discussed these statements last
> Thursday and it was stated that such statements are not intended to be
> normative. I took an action to rewrite the text to make it clearer that
> these are not normative statements.
>
> The problem I have after looking at the text again (incl the compliance
> statements) and also looking at the WS-I BSP is that it does not help
> people wishing to implement the Secure Channel profile if these
> statements are not normative and if they do not describe concretely
> which suites should be used (or not). Saying 'do not use known insecure
> suites' or 'only use secure ones' are motherhood statements. In any case
> they are not really testable which is one point of compliance statements.
>
> Also the WS-I BSP has some discussion and normative statements in
> sec.3.2 about TLS/SSL ciphersuites and since the Secure Channel states
> that it "extends the WS-I Basic Security Profile 1.0" I became unsure
> about the relation of the various compliance statements in the Secure
> Channel and the statements in the WS-I BSP.
>
> In short, sorry, can't do. I am not a security person... ;-)
>
> Maybe we should discuss this issue again on the next call this Thursday.
> (Dave? Alan? Takuya? Frank!)
>
> Andreas
>
> --
>   ogsa-wg mailing list
>   ogsa-wg at ogf.org
>   http://www.ogf.org/mailman/listinfo/ogsa-wg

-- 

Take care:

     Dr. David Snelling < David . Snelling . UK . Fujitsu . com >
     Fujitsu Laboratories of Europe
     Hayes Park Central
     Hayes End Road
     Hayes, Middlesex  UB4 8FE

     +44-208-606-4649 (Office)
     +44-208-606-4539 (Fax)
     +44-7768-807526  (Mobile)







