Re: submitted on behalf of Igor Balabine....... CPA and overrides

[christopher ferris <chris.ferris@east.sun.com>]

All,

Please let's discontinue this thread. It is meaningless
as the meaning of "discard" could be anything from obliterate
the bits from existance" to "log it, place the message in suspense
and deal with it out of band". The key for me, and I believe
what Igor was trying to convey is that it is up to the
receiving party's security policies to determine the course of
action to be taken.

Note that the spec doesn't say anything about what you do when
you receive a message that is incorrectly signed, so the point
is moot.

Let's focus on real issues please.

Cheers,

Chris

David Fischer wrote:
> 
> Not at all.  The point of security is so I don't have to verify out-of-band.
> If security does not match, I don't discard, I just have to verify by some
> other method.  Resend is one approach, but not the only approach.
> 
> David.
> 
> -----Original Message-----
> From: christopher ferris [mailto:chris.ferris@east.sun.com]
> Sent: Monday, February 26, 2001 10:34 AM
> To: Miller, Robert (GXS)
> Cc: ebXML Transport (E-mail)
> Subject: Re: submitted on behalf of Igor Balabine....... CPA and
> overrides
> 
> Yes, but the million $ PO could be a scam, a spoof,
> and accepting it on faith would be a mistake whether
> the business were large or small.
> 
> I'd opt for asking the supposed sender to resend it,
> signed correctly.
> 
> Following David's approach, we might as well chuck all
> of security out the door as being a waste of time and
> effort.
> 
> Cheers,
> 
> Chris
> 
> "Miller, Robert (GXS)" wrote:
> >
> > David,
> >
> > That's not a case of behaving like a small guy.  The big guys don't want
> to
> > discard business either!
> >
> > Cheers,
> >         Bob
> >
> > -----Original Message-----
> > From: David Fischer [mailto:david@drummondgroup.com]
> > Sent: Monday, February 26, 2001 9:54 AM
> > To: Maryann Hondo
> > Cc: ebXML Transport (E-mail)
> > Subject: RE: submitted on behalf of Igor Balabine....... CPA and
> > overrides
> >
> > Let me understand...  If I (a small business man) get a multi-million
> dollar
> > PO from IBM but the security is not EXACTLY correct, I am just to discard?
> > This is my chance, my dream.  I am going to verify and process this
> > out-of-band.  I will certainly NOT discard just because a bit is out of
> > place.
> >
> > We have to think small.  Most businesses cannot do business like the big
> > guys.  They cannot be that strict, arbitrarily rejecting business
> documents
> > because they might lie just outside the rules.
> >
> > David Fischer
> > Drummond Group
> >
> > ------------------------------------------------------------------
> > To unsubscribe from this elist send a message with the single word
> > "unsubscribe" in the body to: ebxml-transport-request@lists.ebxml.org
begin:vcard 
n:Ferris;Christopher
tel;cell:508-667-0402
tel;work:781-442-3063
x-mozilla-html:FALSE
org:Sun Microsystems, Inc;XTC Advanced Development
adr:;;;;;;
version:2.1
email;internet:chris.ferris@east.sun.com
title:Sr. Staff Engineer
fn:Christopher Ferris
end:vcard