Skip to Content.
Sympa Menu

ad-assurance - [AD-Assurance] RE: Updates to AD Cookbook 2013

Subject: Meeting the InCommon Assurance profile criteria using Active Directory

List archive

[AD-Assurance] RE: Updates to AD Cookbook 2013

Chronological Thread 
  • From: Eric Goodman <>
  • To: "" <>
  • Subject: [AD-Assurance] RE: Updates to AD Cookbook 2013
  • Date: Fri, 6 Sep 2013 15:46:41 +0000
  • Accept-language: en-US

One correction (problem with late night editing):


We may need an alternate means statement here to allow SSL/TLS using RC4.

    • need LDAPS instructions
    • we separately pointed out that standard SSL/TLS uses the RC4 cipher. This may STILL need an alternate means section here to justify its use until there's widespread adoption of newer SSL/TLS protocols, though following the assertion we made for, we can probably just declare interception as "impractical"


This should reference SHA-1. This was a reference to SHA-1 approval being discontinued as of January (as is currently being discussed on the parent Assurance list). I don’t know/remember if RC4 protocol usage is actually a concern in the context of SSL.


--- Eric

Archive powered by MHonArc 2.6.16.

Top of Page