28 Sep
2006
28 Sep
'06
4:42 a.m.
Hi Takuya, > We could also define our own recommended ciphersuites based on the > algorithm primitives listed in the EU and Japanese documents above > as well as the NIST guideline document, but I think just refering to > the NIST gudeline document is enough for our purpose. I agree since this reference is *informative* (not normative). Thanks, ---- Hiro Kishimoto Takuya Mori wrote: > Hi all, > >> 3) Security Profile final review (Takuya, 60 min) >> Takuya will revise two security profiles before the call. > > I uploaded the two profles. > > OGSA Basic Security Profile 1.0 - Core: > https://forge.gridforum.org/sf/docman/do/downloadDocument/projects.ogsa-wg/docman.root.working_drafts.security_profile_1_0/doc13561/11 > > OGSA Security Profile 1.0 - Secure Channel: > https://forge.gridforum.org/sf/docman/do/downloadDocument/projects.ogsa-wg/docman.root.working_drafts.security_profile_1_0/doc13560/21 > >> > From Sept. 7 call >> AI-0907b: Takuya will search for an external reliable source of >> strong (or deprecated) ciphers to reference. > > The followoing document will be a reliable source for recommended > ciphersuites. > > Guidelines for the Selection and Use of Transport Layer Security (TLS) > Implementations, National Institute of Standards and Technology, June 2005. > http://csrc.nist.gov/publications/nistpubs/800-52/SP800-52.pdf > > There are some other sources available, but these only provides with > recommended algorithm primitives. > > For example: > EU: NESSIE, "Portfolio of recommended cryptographic primitives", 2003. > https://www.cosic.esat.kuleuven.ac.be/nessie/deliverables/decision-final.pdf > > Japan: MIC and METI, "Recommended cipher list for e-Government", 2003. > http://www.soumu.go.jp/joho_tsusin/security/pdf/cryptrec_01.pdf > (Japanese) > > Ciphersuites are combinations of four algorithm primitives, so these > two lists itself are insufficient as source of recommended ciphersuites. > > We could also define our own recommended ciphersuites based on the > algorithm primitives listed in the EU and Japanese documents above > as well as the NIST guideline document, but I think just refering to > the NIST gudeline document is enough for our purpose. > > Thanks in advance, > Takuya > >> AI-0907c: Andreas will revise the explanatory text and send the new >> version to Takuya. >> AI-0907d: Takuya will update the documents and issue a final call >> on the list. (Probably during GGF18.) >> >> > From Aug. 31 call >> AI-0831e: (A Savva) Talk to ACS working group for refining this >> scenario. >> AI-0831f: (A Savvva) Research RNS and probably update the EMS Arch >> Scenarios document >> >> > From Aug. 17 call >> AI-0817a: Dave Berry and Jay Unger will approach groups (GIN, >> Globus, etc) that have implemented practical grids and >> start a discussion on how they handle data: >> - how data is treated as a resource that can be scheduled >> - how transfers are modeled >> - how files are advertised >> - how applications find files (query, by knowledge,?) >> (Due Oct. 9) >> >> > From Aug. 3 call >> AI-0803e: Jun will provide an example of the CDL mechanism and why >> using ID/IDREF is not a good idea. >> AI-0803f: Jun will update the CDL document to remove the Environment >> variables >> >> > From July 20 F2F >> - EGR-WG (Ravi) will contact Geoffrey Fox and invites him to >> contribute use cases. >> - Andreas to go through the minutes and formulate a reply mail to >> Geoffrey on each artifact covered in these minutes. >> ---- >> Hiro Kishimoto >> >> >> -- >> ogsa-wg mailing list >> ogsa-wg@ogf.org >> http://www.ogf.org/mailman/listinfo/ogsa-wg >> > >