OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

mqtt message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: [OASIS Issue Tracker] Updated: (MQTT-104) The Normative and Non-Normative References in WD 15 need some work

     [ http://tools.oasis-open.org/issues/browse/MQTT-104?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Richard Coppen updated MQTT-104:
--------------------------------

    Proposal: 
Normative changes:
Remove reference to RFC1700 (Section 1.3)

Update reference to TLS protocol > http://tools.ietf.org/html/rfc5246 < (Proposed Standard)

Update WebSocket reference to point yo RFC 6455 (Proposed Standard)


Non-Normative changes
Editors to research and include non-normative references to support remainder of Section 5 .

> The Normative and Non-Normative References in WD 15 need some work
> ------------------------------------------------------------------
>
>                 Key: MQTT-104
>                 URL: http://tools.oasis-open.org/issues/browse/MQTT-104
>             Project: OASIS Message Queuing Telemetry Transport (MQTT) TC
>          Issue Type: Bug
>          Components: core
>            Reporter: Peter Niblett
>
> Some errors in Section 1.3  
> - It lists  RFC 1700  (Assigned numbers) but this RFC is now obsolete, and so should be deleted.  Also there was no real need to reference it, as it was only being used as a justification for putting 16 bit integers in MSB:LSB order.  
> - The TLS protocol reference is incorrect.  It should be [RFC 5246] and the URL should be http://tools.ietf.org/html/rfc5246   (not 6455). Also you could describe it as a Proposed Standard
> - The WebSocket reference is incorrect. It should be [RFC 6455].  Also it should say "Proposed Standard" rather than "Proposed Standard STD2".
> There are also several places in section 5 which need to point to a normative or non-normative reference in 1.3 or 1.4... I think they are mostly for 1.4
> 1. Server implementations that offer TLS SHOULD use TCP port 8883 [IANA service name: secure-mqtt]. 
> 2,3,4.  In addition to technical security issues there may also be geographic (e.g., European SafeHarbour), industry specific (e.g., PCI DSS) and regulatory considerations (e.g., Sarbannes-Oxley).
> 5,6. Advanced Encryption Standard (AES) and Data Encryption Standard (DES)
> 7. ISO 29192 
> 8,9 LDAP or Oauth tokens
> 10. Server Name Indication extension to TLS (nb the URL given in the text for this is obsolete)
> 11. Online Certificate Status Protocol (OSCP) 
> 12.IEEE 802.1AR
> 13, SOCKSv5
> 14. SSH
> 15. NIST Cyber Security Framework
> 16. NISTIR 7628 Guidelines for Smart Grid Cyber Security
> 17. Federal Information Processing Standards (FIPS-140-2)
> 18. PCI-DSS
> 19. NSA Suite B

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://tools.oasis-open.org/issues/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]