Comments (2)
Participants are advised to verify their implementation against the recent Standards change:
The following cipher suites SHOULD NOT be supported:
- TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
and the additional proposal in this issue, to ensure any concerns can be considered during Maintenance Iteration 20.
The FAPI WG now has proposed wording for both FAPI 2.0 and FAPI-CIBA, but not yet FAPI 1.0 Advanced.
Note BCP195 link: https://www.rfc-editor.org/info/bcp195
FAPI 2.0 wording:
shall follow the recommendations for Secure Use of Transport Layer Security in [@!BCP195];
This change is accompanied by additional requirements the FAPI 2.0 Security Profile introduces for TLS which are not present in FAPI 1.0 Advanced.
FAPI-CIBA wording:
Only the cipher suites recommended in [@!BCP195] shall be permitted.
This change is closely aligned to the original wording in FAPI 1.0 Advanced and alters the constrained list of TLS 1.2 ciphers to instead adopt BCP195. As a result, it is proposed that this wording be adopted. Once FAPI 2.0 is adopted by the Consumer Data Standards, the Security Profile can simply defer to the FAPI 2.0 Security Profile for TLS.
Therefore, there is a small change to the original proposal altering "by" to be "in":
Proposed solution
In addition to section 8.5 of [FAPI-1.0-Advanced] only cipher suites recommended in BCP 195 SHALL be permitted.