View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0003123 | 10000-007: Profiles | Spec | public | 2015-07-13 06:31 | 2015-07-21 16:34 |
| Reporter | Randy Armstrong | Assigned To | Karl Deiretsbacher | ||
| Priority | normal | Severity | feature | Reproducibility | sometimes |
| Status | closed | Resolution | fixed | ||
| Target Version | 1.03 | Fixed in Version | 1.03 | ||
| Summary | 0003123: Add TLS 1.2 Profile with PFS (Perfect Forward Secrecy) | ||||
| Description | Include | ||||
| Tags | No tags attached. | ||||
| Commit Version | |||||
| Fix Due Date | |||||
|
|
This Facet defines a transport security for configurations with high security needs and perfect forward security (PFS). It makes use of TLS 1.2 and uses TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 or TLS_DHE_RSA_WITH_AES_256_CBC_SHA256. As computing power increases, security algorithms are expected to expire. NIST provides guidelines for expected expiration dates for individual algorithms. These guidelines provide recommended dates at which the algorithm should be replaced or upgraded to a more secure algorithm. They do not indicate a failure of the algorithm. NIST has no recommendations for this TransportSecurity. It is recommended that Servers and Clients support all security profiles and developers provide the recommended profile as a default. It is up to an administrator to configure the actual exposed TransportSecurity Profiles. |
|
|
The conformance unit requires that both be supported. |
|
|
The connection is established using TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 or TLS_DHE_RSA_WITH_AES_256_CBC_SHA256. That has a MinAsymmetricKeyLength – 2048, MaxAsymmetricKeyLength – 4096, CertificateSignatureAlgorithm – SHA256. (TLS 1.2) |
|
|
Added a new facet for PFS to Draft 15 of Part 7. |
|
|
Agreed to changes in telecon. |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2015-07-13 06:31 | Randy Armstrong | New Issue | |
| 2015-07-14 15:27 | Jim Luth | Assigned To | => Karl Deiretsbacher |
| 2015-07-14 15:27 | Jim Luth | Status | new => assigned |
| 2015-07-14 15:35 | Randy Armstrong | Note Added: 0006230 | |
| 2015-07-14 15:36 | Randy Armstrong | Note Added: 0006231 | |
| 2015-07-14 15:38 | Randy Armstrong | Note Added: 0006232 | |
| 2015-07-21 15:35 | Karl Deiretsbacher | Note Added: 0006242 | |
| 2015-07-21 15:35 | Karl Deiretsbacher | Status | assigned => resolved |
| 2015-07-21 15:35 | Karl Deiretsbacher | Resolution | open => fixed |
| 2015-07-21 16:34 | Jim Luth | Note Added: 0006252 | |
| 2015-07-21 16:34 | Jim Luth | Status | resolved => closed |
| 2015-07-21 16:34 | Jim Luth | Fixed in Version | => 1.03 |
