You would only publish a CPP if you were looking to pair it with various partners. Also, the CPP only tells the remote end what is needed to connect to you securely, it doesn't give you the credentials to do so. Generally, even endpoints declared in the CPP would likely be unresolvable outside of the party's extranet VPN, so I don't really see this as a security hole. It may be a security hole if the interface isn't actually secured and you were previously relying on obscurity to keep your network safe. Matthew MacKenzie . Sr. Architect . Adobe Systems On 20-Jul-04, at 9:01 AM, Bryan Rasmussen wrote: > > Anyone have some example cpps with stringent security requirements, > detailing encryption algorithms, certificates etc. Also, can't this > kind of > information in a cpp be a security hole? > > The ebxml-dev list is sponsored by OASIS <http://www.oasis-open.org> > The > list archives are at http://lists.ebxml.org/archives/ebxml-dev/ > To subscribe or unsubscribe from this list use the subscription > manager: > <http://www.oasis-open.org/mlmanage/> > The ebxml-dev list is sponsored by OASIS <http://www.oasis-open.org> The list archives are at http://lists.ebxml.org/archives/ebxml-dev/ To subscribe or unsubscribe from this list use the subscription manager: <http://www.oasis-open.org/mlmanage/>
<<attachment: winmail.dat>>