[security] [PROPOSAL] Adding More Color Around SSL Use

Eddy Nigg (StartCom Ltd.) eddy_nigg at startcom.org
Fri Oct 27 22:02:31 UTC 2006


I think that these are just baby steps for the better. You are certainly
right below... and a clearer definition of it has to be proposed... Feeling
like making an additional proposal for discussion?

I would also like to see a change and definition where SSL / TLS is not
required, in order to make these things very clear!

Hans Granqvist wrote:
> -1, if it's not too late
>
> There are too many unknowns in this proposed change. While the
> current text is not good, adding this to the spec is likely to
> cause harm, for example:
>
> What forms of SSL (incl. cipher suites) are recommended? What
> is "a trusted authority" -- trusted by whom and for what? What
> does "secure manner" mean?
>
> I'm also wondering how the proposed security profiles correlate
> with this change. It seems proper to reference these profiles
> here. Can you shed some light?
>
> Please also note that SSL has been more or less superseded by
> TLS. TLS1 and SSL3 are quite similar, but not entirely, so
> equating SSL with TLS should be spelled out. (Unless you imply
> TLS is verboten, which I don't think is what you're doing :)
>
> Hans

-- 
Regards
 
Signer:      Eddy Nigg, StartCom Ltd.
Phone:       +1.213.341.0390