Subject: RE: TRP Error Handling Spec Draft
Folks

As most people on the list know, I'm the author of IOTP (I've mentioned it
enough times ;). Although you can look at RFC 2802 for an approach to
digital signatures, I suggest we wait for DSig since it is more generally
applicable and is based on the same overall idea of detached signatures.

I also agree that trusted timestamps is something that we will eventually
want to get around to.

David

-----Original Message-----
From: Daniel Ling [mailto:dan@vcheq.com]
Sent: Monday, September 11, 2000 6:32 PM
To: dick@8760.com; Christopher Ferris; Burdett, David
Cc: ebXML Transport (E-mail)
Subject: Re: TRP Error Handling Spec Draft

Hi Dick,

The proposed XML Dsig standard is still an Internet Draft which will expire
on January 11th. I have been following it closely since January this year.
If we are looking at RFCs, the reference RFCs we should look at for the
authenticity and non-repudiation of messages could come from:

- RFC 2801 - Internet Open Trading Protocol - IOTP v1.0
- RFC 2802 - Digital Signatures for the v1.0 Internet Open Trading
  Protocol (IOTP)

I will definitely keep this updated on any progress on the drafts and the
RFCs. XML DSig standard is probably what we should strive for as it comes
out of the working draft mode. I can come up with a framework for
integrating these signing mechanisms into ebXML.

Also, for the purpose of ebXML, we should look closely at Trusted
Timestamping Authorities for our documents, i.e. Valicert (the entity
formerly known as Receipt.com was also merged with them last year).

Regards,
Daniel Ling
Technical Architect
VCHEQ
PGP Key ID : 0122020A
PGP Fingerprint : 37B4 E1ED 2840 6EA7 917C 7D84 6608 0EED 0122 020A
WEB: www.vcheq.com
DID: 65-8258225
FAX: 65-5365082

CONFIDENTIALITY CAUTION : This message is intended only for the use of the
individual or entity to whom it is addressed and contains information that
is privileged and confidential. If you, the reader of this message, are not
the intended recipient, you should not disseminate, distribute or copy this
communication. If you have received this communication in error, please
notify us immediately by return email and delete the original message.
Thank you.

----- Original Message -----
From: "Dick Brooks" <dick@8760.com>
To: "Daniel Ling" <dan@vcheq.com>; "Christopher Ferris" <chris.ferris@east.sun.com>; "Burdett, David" <david.burdett@commerceone.com>
Cc: "ebXML Transport (E-mail)" <ebxml-transport@lists.ebxml.org>
Sent: Tuesday, September 12, 2000 7:21 AM
Subject: RE: TRP Error Handling Spec Draft

Daniel,

Good point, we should absolutely support XML Dsig standards as well. The
proposed list of supported crypto for ebXML now includes:

- XML Dsig
- PGP/OpenPGP (a.k.a. GPG)
- S/MIME (I recommend Version 3.0, it is the IETF Proposed Standard)

Is that all of them?

Dick Brooks
Group 8760
110 12th Street North
Birmingham, AL 35203
dick@8760.com
205-250-8053
Fax: 205-250-8057
http://www.8760.com/

InsideAgent - Empowering e-commerce solutions

> -----Original Message-----
> From: Daniel Ling [mailto:dan@vcheq.com]
> Sent: Monday, September 11, 2000 1:21 PM
> To: Dick Brooks; Christopher Ferris; Burdett, David
> Cc: ebXML Transport (E-mail)
> Subject: Re: TRP Error Handling Spec Draft
>
> Hi Dick,
> I'd highly recommend we look at http://www.ietf.org/rfc/rfc2803.txt
> RFC for DOM Hash as it gives a concise method of interoperable hashing
> for documents which we might transport.
>
> An interesting movement to take note of is the XML DSig forum in the
> W3C working group, more information can be had at
> http://www.w3.org/Signature/ and there's a reference implementation at
> Alphaworks http://www.alphaworks.ibm.com/tech/xmlsecuritysuite which is
> definitely worth looking at. No need to reinvent the spokes of the wheel
> here. Do tell me what you think.
>
> Regards,
> Daniel Ling
> Technical Architect
> VCHEQ
> PGP Key ID : 0122020A
> PGP Fingerprint : 37B4 E1ED 2840 6EA7 917C 7D84 6608 0EED 0122 020A
> WEB: www.vcheq.com
> DID: 65-8258225
> FAX: 65-5365082
>
> CONFIDENTIALITY CAUTION : This message is intended only for the use of
> the individual or entity to whom it is addressed and contains
> information that is privileged and confidential. If you, the reader of
> this message, are not the intended recipient, you should not
> disseminate, distribute or copy this communication. If you have received
> this communication in error, please notify us immediately by return
> email and delete the original message. Thank you.
>
> ----- Original Message -----
> From: "Dick Brooks" <dick@8760.com>
> To: "Christopher Ferris" <chris.ferris@east.sun.com>; "Burdett, David" <david.burdett@commerceone.com>
> Cc: "ebXML Transport (E-mail)" <ebxml-transport@lists.ebxml.org>
> Sent: Thursday, September 07, 2000 11:17 PM
> Subject: RE: TRP Error Handling Spec Draft
>
> Just a couple of points regarding digital signatures:
>
> - Some industry groups require digital signatures (both PGP and S/MIME)
>   on documents, it is imperative that they be fully supported in ebXML.
> - A DoS attack can occur if there are no access controls on the
>   E-Commerce server (SMTP for example).
> - A DoS attack involving crypto functions is less likely when access
>   controls are in place
>
> Dick Brooks
> Group 8760
> 110 12th Street North
> Birmingham, AL 35203
> dick@8760.com
> 205-250-8053
> Fax: 205-250-8057
> http://www.8760.com/
>
> InsideAgent - Empowering e-commerce solutions