- changed status to resolved
Editorial: unclear language in TLS Considerations 8.5
Because the term BCP195 is only introduced here it isn’t clear that the four permitted cipher suites listed in the previous clause are the only cipher suites allowed under BCP195. Instead this can be be read that you can use additional ciphers included in BCP195 when what it means if you can use ciphers OTHER than those included in BCP195.
Original
- For the
authorization_endpoint
, the authorization server MAY allow additional cipher suites that are permitted by the latest version of [BCP195], if necessary to allow sufficient interoperability with users' web browsers.
Suggest
- For the
authorization_endpoint
, the authorization server MAY allow additional cipher suites other than those permitted by the latest version of [BCP195], if necessary to allow sufficient interoperability with users' web browsers.
This makes it clear that BCP195 is the source of the cipher suite and not that it contains extras apart from the four above.
Comments (9)
-
-
fixes
#323- Editorial: unclear language in TLS Considerations 8.5→ <<cset 99f7655953db>>
-
Merged in issue_323 (pull request #198)
fixes
#323- Editorial: unclear language in TLS Considerations 8.5Approved-by: Dima Postnikov Approved-by: Dave Tonge Approved-by: Brian Campbell Approved-by: Nat Sakimura Approved-by: Stuart Low Approved-by: Daniel Fett
→ <<cset 19f793326cbb>>
-
- changed status to open
Reopening this, as the new language permits:
- cipher suites with NULL encryption.
- RC4 cipher suites.
- cipher suites offering less than 112 bits of security
I don't think there's been any evidence put forward that we should allow these things, and it's more than an editorial change.
-
- changed status to resolved
fixes
#323- revert to original text and add note and local regulations requirement→ <<cset 70319651bd5a>>
-
#fixes
#323- spelling fix→ <<cset a67f74874fbc>>
-
- changed component to Part 2: Advanced
-
- changed component to FAPI 1 – Part 2: Advanced
-
- changed component to FAPI 1: Advanced
- Log in to comment
fixes
#323- Editorial: unclear language in TLS Considerations 8.5→ <<cset d9de9bcb79b3>>