Comments (2)

nils-work commented on August 26, 2024

Participants are advised to verify their implementation against the recent Standards change:

The following cipher suites SHOULD NOT be supported:
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384

and the additional proposal in this issue, to ensure any concerns can be considered during Maintenance Iteration 20.

from standards-maintenance.

markverstege commented on August 26, 2024

The FAPI WG now has proposed wording for both FAPI 2.0 and FAPI-CIBA, but not yet FAPI 1.0 Advanced.

Note BCP195 link: https://www.rfc-editor.org/info/bcp195

FAPI 2.0 wording:

shall follow the recommendations for Secure Use of Transport Layer Security in [@!BCP195];

This change is accompanied by additional requirements the FAPI 2.0 Security Profile introduces for TLS which are not present in FAPI 1.0 Advanced.

FAPI-CIBA wording:

Only the cipher suites recommended in [@!BCP195] shall be permitted.

This change is closely aligned to the original wording in FAPI 1.0 Advanced and alters the constrained list of TLS 1.2 ciphers to instead adopt BCP195. As a result, it is proposed that this wording be adopted. Once FAPI 2.0 is adopted by the Consumer Data Standards, the Security Profile can simply defer to the FAPI 2.0 Security Profile for TLS.

Therefore, there is a small change to the original proposal altering "by" to be "in":

Proposed solution

In addition to section 8.5 of [FAPI-1.0-Advanced] only cipher suites recommended in BCP 195 SHALL be permitted.

from standards-maintenance.
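
For participants verifying an implementation against the change discussed above, the following added example (not part of the original thread or the Standards) reports whether the two listed DHE suites are enabled on a TLS endpoint and rebuilds the cipher list without them. It assumes the endpoint is configured through a Python `ssl.SSLContext` backed by OpenSSL; the function names and the sample context are hypothetical, and the check covers only these two suites, not the rest of BCP 195.

```python
import ssl

# The two suites the thread says SHOULD NOT be supported (IANA names), keyed by
# the OpenSSL names that Python's ssl module reports for them.
DISCOURAGED = {
    "DHE-RSA-AES128-GCM-SHA256": "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
    "DHE-RSA-AES256-GCM-SHA384": "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
}


def discouraged_enabled(ctx):
    """Return the IANA names of discouraged suites still enabled in ctx."""
    enabled = {c["name"] for c in ctx.get_ciphers()}
    return sorted(iana for name, iana in DISCOURAGED.items() if name in enabled)


def drop_discouraged(ctx):
    """Re-apply ctx's cipher list, in order, without the discouraged suites."""
    # set_ciphers() governs TLS 1.2 and below only; OpenSSL configures TLS 1.3
    # suites separately, so they are left out of the string and stay enabled.
    keep = [c["name"] for c in ctx.get_ciphers()
            if c["protocol"] != "TLSv1.3" and c["name"] not in DISCOURAGED]
    if not keep:
        raise ValueError("no TLS 1.2 cipher suite would remain enabled")
    ctx.set_ciphers(":".join(keep))
    return ctx


def sample_context():
    """Constructed sample: a server context offering ECDHE and both DHE suites."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers("ECDHE-RSA-AES128-GCM-SHA256:"
                    "DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384")
    return ctx


if __name__ == "__main__":
    ctx = sample_context()
    print("before:", discouraged_enabled(ctx))
    print("after: ", discouraged_enabled(drop_discouraged(ctx)))
```
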
