ad-assurance - [AD-Assurance] RE: Updates to AD Cookbook 2013

Subject: Meeting the InCommon Assurance profile criteria using Active Directory

List archive

[AD-Assurance] RE: Updates to AD Cookbook 2013

From: Eric Goodman <>
To: "" <>
Subject: [AD-Assurance] RE: Updates to AD Cookbook 2013
Date: Fri, 6 Sep 2013 15:46:41 +0000
Accept-language: en-US

One correction (problem with late night editing):

We may need an alternate means statement here to allow SSL/TLS using RC4.

need LDAPS instructions
we separately pointed out that standard SSL/TLS uses the RC4 cipher. This may STILL need an alternate means section here to justify its use until there's widespread adoption of newer SSL/TLS protocols, though following the assertion we made for 4.2.6.2.1, we can probably just declare interception as "impractical"

This should reference SHA-1. This was a reference to SHA-1 approval being discontinued as of January (as is currently being discussed on the parent Assurance list). I don’t know/remember if RC4 protocol usage is actually a concern in the context of SSL.

--- Eric

[AD-Assurance] Updates to AD Cookbook 2013, Capehart,Jeffrey D, 09/05/2013
- [AD-Assurance] RE: Updates to AD Cookbook 2013, Eric Goodman, 09/05/2013
- [AD-Assurance] RE: Updates to AD Cookbook 2013, Eric Goodman, 09/06/2013
  - [AD-Assurance] RE: Updates to AD Cookbook 2013, Capehart,Jeffrey D, 09/06/2013

List archive

[AD-Assurance] RE: Updates to AD Cookbook 2013