OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

ebxml-transport message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: Re: TRP Error Handling Spec Draft

Hi Dick,
        I'd highly recommend we look at
http://www.ietf.org/rfc/rfc2803.txt RFC for DOM Hash as it gives concise
method of an interoperable
hashing for documents which we might transport.

        An interesting movement to take note of is the XML DSig forum in the
W3C working group, more information can be had at
http://www.w3.org/Signature/ and there's a reference implementation at
Alphaworks http://www.alphaworks.ibm.com/tech/xmlsecuritysuite which is
definitely worth looking at. No need to reinvent the spokes of the wheel
here. Do tell me what you think.

Daniel Ling
Technical Architect
PGP Key ID : 0122020A
PGP Fingerprint : 37B4 E1ED 2840 6EA7 917C  7D84 6608 0EED 0122 020A
WEB: www.vcheq.com
DID: 65-8258225
FAX: 65-5365082

CONFIDENTIALITY CAUTION : This message is intended only for the use of the
individual or entity  to whom it is addressed and contains information that
is privileged and confidential. If you, the reader of this message, are not
the intended recipient, you should not disseminate, distribute or copy this
communication. If you have received this communication in error, please
notify us immediately by return email and delete the original message. Thank
----- Original Message -----
From: "Dick Brooks" <dick@8760.com>
To: "Christopher Ferris" <chris.ferris@east.sun.com>; "Burdett, David"
Cc: "ebXML Transport (E-mail)" <ebxml-transport@lists.ebxml.org>
Sent: Thursday, September 07, 2000 11:17 PM
Subject: RE: TRP Error Handling Spec Draft

Just a couple of points regarding digital signatures:

- Some industry groups require digital signatures (both PGP and S/MIME) on
documents, it is imperative that they be fully supported in ebXML.
- A DoS attack can occur if there are no access controls on the E-Commerce
server (SMTP for example).
- A DoS attack involving crypto functions is less likely when access
controls are in place

Dick Brooks
Group 8760
110 12th Street North
Birmingham, AL 35203
Fax: 205-250-8057

InsideAgent - Empowering e-commerce solutions

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Search: Match: Sort by:
Words: | Help

Powered by eList eXpress LLC