ebxml-transport message



Subject: Re: TRP Error Handling Spec Draft


Hi Dick,

        The proposed XML Dsig standard is still an Internet Draft which will
expire on January 11th. I have been following it closely since January this
year. If we are looking at RFCs, the reference RFCs we should look at for
the authenticity and non-repudiation of messages could come from:

-        RFC 2801 - Internet Open Trading Protocol - IOTP v1.0
-        RFC 2802 - Digital Signatures for the v1.0 Internet Open Trading
Protocol (IOTP)

        I will definitely keep this updated on any progress on the drafts
and the RFCs. XML DSig standard is probably what we should strive for as it
comes out of the working draft mode. I can come up with a framework for
integrating these signing mechanisms into ebXML.

        Also, for the purpose of ebXML, we should look closely at Trusted
Timestamping Authorities for our documents, i.e. Valicert (the entity
formerly known as Receipt.com was also merged with them last year).


Regards,
Daniel Ling
Technical Architect
VCHEQ
PGP Key ID : 0122020A
PGP Fingerprint : 37B4 E1ED 2840 6EA7 917C  7D84 6608 0EED 0122 020A
WEB: www.vcheq.com
DID: 65-8258225
FAX: 65-5365082

CONFIDENTIALITY CAUTION : This message is intended only for the use of the
individual or entity  to whom it is addressed and contains information that
is privileged and confidential. If you, the reader of this message, are not
the intended recipient, you should not disseminate, distribute or copy this
communication. If you have received this communication in error, please
notify us immediately by return email and delete the original message. Thank
you.
----- Original Message -----
From: "Dick Brooks" <dick@8760.com>
To: "Daniel Ling" <dan@vcheq.com>; "Christopher Ferris"
<chris.ferris@east.sun.com>; "Burdett, David"
<david.burdett@commerceone.com>
Cc: "ebXML Transport (E-mail)" <ebxml-transport@lists.ebxml.org>
Sent: Tuesday, September 12, 2000 7:21 AM
Subject: RE: TRP Error Handling Spec Draft


Daniel,

Good point, we should absolutely support XML Dsig standards as well. The
proposed list of supported crypto for ebXML now includes:
- XML Dsig
- PGP/OpenPGP (a.k.a. GPG)
- S/MIME (I recommend Version 3.0, it is the IETF Proposed Standard)

Is that all of them?

Dick Brooks
Group 8760
110 12th Street North
Birmingham, AL 35203
dick@8760.com
205-250-8053
Fax: 205-250-8057
http://www.8760.com/

InsideAgent - Empowering e-commerce solutions

> -----Original Message-----
> From: Daniel Ling [mailto:dan@vcheq.com]
> Sent: Monday, September 11, 2000 1:21 PM
> To: Dick Brooks; Christopher Ferris; Burdett, David
> Cc: ebXML Transport (E-mail)
> Subject: Re: TRP Error Handling Spec Draft
>
>
> Hi Dick,
>         I'd highly recommend we look at
> http://www.ietf.org/rfc/rfc2803.txt RFC for DOM Hash as it gives a concise
> method of interoperable hashing for documents which we might transport.
>
>         An interesting movement to take note of is the XML DSig forum in the
> W3C working group, more information can be had at
> http://www.w3.org/Signature/ and there's a reference implementation at
> Alphaworks http://www.alphaworks.ibm.com/tech/xmlsecuritysuite which is
> definitely worth looking at. No need to reinvent the spokes of the wheel
> here. Do tell me what you think.
>
> Regards,
> Daniel Ling
> Technical Architect
> VCHEQ
> PGP Key ID : 0122020A
> PGP Fingerprint : 37B4 E1ED 2840 6EA7 917C  7D84 6608 0EED 0122 020A
> WEB: www.vcheq.com
> DID: 65-8258225
> FAX: 65-5365082
>
> ----- Original Message -----
> From: "Dick Brooks" <dick@8760.com>
> To: "Christopher Ferris" <chris.ferris@east.sun.com>; "Burdett, David"
> <david.burdett@commerceone.com>
> Cc: "ebXML Transport (E-mail)" <ebxml-transport@lists.ebxml.org>
> Sent: Thursday, September 07, 2000 11:17 PM
> Subject: RE: TRP Error Handling Spec Draft
>
>
> Just a couple of points regarding digital signatures:
>
> - Some industry groups require digital signatures (both PGP and S/MIME) on
> documents; it is imperative that they be fully supported in ebXML.
> - A DoS attack can occur if there are no access controls on the E-Commerce
> server (SMTP for example).
> - A DoS attack involving crypto functions is less likely when access
> controls are in place.
>
> Dick Brooks
> Group 8760
> 110 12th Street North
> Birmingham, AL 35203
> dick@8760.com
> 205-250-8053
> Fax: 205-250-8057
> http://www.8760.com/
>
> InsideAgent - Empowering e-commerce solutions
>
>
>



