Thank you for your graciousness, Phillip.
Actually, in the current DRAFT specification of the SKSML
protocol, we do rely on WSS using the X.509 profile for strong
authentication, message integrity and an optional second layer
of payload-encryption, for the super-paranoid.
However, since WSS has the framework to support many other forms
of security tokens, SKSML itself is insulated from any changes at
the WSS layer and could use alternative means of securing the
payload and communication.
WRT 1619.3, I agree that there is significant overlap - although
their scope is significantly narrower. I have reached out to both
the Chairs of the newly-formed group (see attached e-mail) to
discuss ways and means of working together, but have not heard back
from either of them (despite a follow-up e-mail too). Perhaps if
people on this discussion thread have a means of coordinating a
meeting between the two groups, that might be beneficial for all.
Arshad Noor
StrongAuth, Inc.
Hallam-Baker, Phillip wrote:
> Well lets try to work together then.
>
> We may not be able to share protocols if you are serious about the concern that public key crypto might be broken but you might well find the Private Key Container format useful.
>
> The areas of overlap with 1619.3 are likely to be rather wider