OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

ebxml-transport message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Subject: RE: TRP Error Handling Spec Draft


Daniel

I think you've possible missed some of the early conversations, but I think
everyone will agree with me that we plan in a later version of the Messaging
Services Spec, support XML DSig. It was just everyone's view that it was not
quite finished yet and that therefore we would support S/MIME and/or PGP in
the short-medium term.

I'm wondering why you suggest DOM hash as a method of generating a hash over
a canonical representation of an XML document. Is it to ensure that the
document has not been corrupted. Just wondering.

Davud

-----Original Message-----
From: Daniel Ling [mailto:dan@vcheq.com]
Sent: Monday, September 11, 2000 11:21 AM
To: dick@8760.com; Christopher Ferris; Burdett, David
Cc: ebXML Transport (E-mail)
Subject: Re: TRP Error Handling Spec Draft


Hi Dick,
        I'd highly recommend we look at
http://www.ietf.org/rfc/rfc2803.txt RFC for DOM Hash as it gives concise
method of an interoperable
hashing for documents which we might transport.

        An interesting movement to take note of is the XML DSig forum in the
W3C working group, more information can be had at
http://www.w3.org/Signature/ and there's a reference implementation at
Alphaworks http://www.alphaworks.ibm.com/tech/xmlsecuritysuite which is
definitely worth looking at. No need to reinvent the spokes of the wheel
here. Do tell me what you think.

Regards,
Daniel Ling
Technical Architect
VCHEQ
PGP Key ID : 0122020A
PGP Fingerprint : 37B4 E1ED 2840 6EA7 917C  7D84 6608 0EED 0122 020A
WEB: www.vcheq.com
DID: 65-8258225
FAX: 65-5365082

CONFIDENTIALITY CAUTION : This message is intended only for the use of the
individual or entity  to whom it is addressed and contains information that
is privileged and confidential. If you, the reader of this message, are not
the intended recipient, you should not disseminate, distribute or copy this
communication. If you have received this communication in error, please
notify us immediately by return email and delete the original message. Thank
you.
----- Original Message -----
From: "Dick Brooks" <dick@8760.com>
To: "Christopher Ferris" <chris.ferris@east.sun.com>; "Burdett, David"
<david.burdett@commerceone.com>
Cc: "ebXML Transport (E-mail)" <ebxml-transport@lists.ebxml.org>
Sent: Thursday, September 07, 2000 11:17 PM
Subject: RE: TRP Error Handling Spec Draft


Just a couple of points regarding digital signatures:

- Some industry groups require digital signatures (both PGP and S/MIME) on
documents, it is imperative that they be fully supported in ebXML.
- A DoS attack can occur if there are no access controls on the E-Commerce
server (SMTP for example).
- A DoS attack involving crypto functions is less likely when access
controls are in place

Dick Brooks
Group 8760
110 12th Street North
Birmingham, AL 35203
dick@8760.com
205-250-8053
Fax: 205-250-8057
http://www.8760.com/

InsideAgent - Empowering e-commerce solutions




[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Search: Match: Sort by:
Words: | Help


Powered by eList eXpress LLC