Subject: Re: Security Proposal
>> If the POC used PGP there would be no need for a CA. The POC participants
>> would simply exchange public keys (which also cost $0, as compared to PKI
>> certificates). Would POC implementers be interested in using PGP
>

I would like to correct the above statement about PKI certs costing money. It is a trivial operation to set up our own CA; in fact, I have done it in 10 minutes using open source software (see www.openssl.org). What costs is to have a company such as Verisign vouch for your certificate, the whole trust issue. We can circumvent the trust issue by defining trust ourselves.

Using PGP would be the bottom of the barrel solution, and I am not so sure what it would prove to anybody who is in the know. Should the POC only speak to people who do not know what they are watching exactly? Making the wrong choice here could spawn more of those "ebxml is lame" quotes in prominent media. We might just as well Base64 encode the payloads and declare it to be encrypted!

** Should this group choose to choose certificate based encryption, XMLGlobal will form a CA and sign participant signatures so that they are recognized by the CA for the purposes of the POC in Vancouver.

If PGP is the choice, there is an open source alternative available at www.gnupg.org. GnuPG conforms to RFC2440.

Cheers,

Matthew MacKenzie
XMLGlobal
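The private-CA approach described in the message above, sketched as an added example (not part of the original post and not XMLGlobal's setup): a group CA signs a participant certificate, and verification against that CA accepts it while rejecting a certificate issued by any other CA. It assumes OpenSSL 1.1.1 or later on the PATH; every name, file and directory is constructed for illustration.

```shell
# Added example: private CA for a closed group via the openssl CLI.
# All names (POC Example, alice, outsider) are constructed.
set -eu

write_cfg() {  # $1 = directory; own minimal config, independent of system defaults
  cat > "$1/poc.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder-overridden-by-subj
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_leaf]
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
EOF
}

make_ca() {  # $1 = directory, $2 = CA common name; self-signed root
  write_cfg "$1"
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
    -config "$1/poc.cnf" -extensions v3_ca -subj "/O=POC Example/CN=$2" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

issue_cert() {  # $1 = CA directory, $2 = participant name; CSR, then CA signs it
  openssl req -new -newkey rsa:2048 -nodes -config "$1/poc.cnf" \
    -subj "/O=POC Example/CN=$2" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
  openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -sha256 -days 30 \
    -extfile "$1/poc.cnf" -extensions v3_leaf -out "$1/$2.crt" 2>/dev/null
}

is_trusted() {  # $1 = trusted CA cert, $2 = cert to check; exit status only
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

demo() {
  d=$(mktemp -d); mkdir "$d/poc" "$d/other"
  make_ca "$d/poc" "POC Root CA";    issue_cert "$d/poc" alice
  make_ca "$d/other" "Unrelated CA"; issue_cert "$d/other" outsider
  is_trusted "$d/poc/ca.crt" "$d/poc/alice.crt" && echo "alice: accepted"
  is_trusted "$d/poc/ca.crt" "$d/other/outsider.crt" || echo "outsider: rejected"
  rm -rf "$d"
}
demo
```

Trust here rests entirely on how `ca.crt` reaches each participant and on who can read `ca.key`; a second CA created with the same subject name is still rejected because the signature is checked against the distributed key.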