The security information in a CPP is only that which is required for interoperability with a prospective trading partner. Any keys in the CPP are public keys. I suppose that a Party that is concerned about putting any of those items in a published CPP could put in the metadata a comment asking a prospective trading partner to exchange that information privately. CPPA team, please consider Bryan's question below. Regards, Marty At 08:01 AM 7/20/2004, Bryan Rasmussen wrote: >Anyone have some example cpps with stringent security requirements, >detailing encryption algorithms, certificates etc. Also, can't this kind of >information in a cpp be a security hole? > >The ebxml-dev list is sponsored by OASIS <http://www.oasis-open.org> The >list archives are at http://lists.ebxml.org/archives/ebxml-dev/ >To subscribe or unsubscribe from this list use the subscription manager: ><http://www.oasis-open.org/mlmanage/> ************************************* Martin Sachs standards architect Cyclone Commerce msachs@cyclonecommerce.com The ebxml-dev list is sponsored by OASIS <http://www.oasis-open.org> The list archives are at http://lists.ebxml.org/archives/ebxml-dev/ To subscribe or unsubscribe from this list use the subscription manager: <http://www.oasis-open.org/mlmanage/>
<<attachment: winmail.dat>>