OASIS Emergency Management TC

Re: [emergency] Message encryption -- was RE: [emergency-comment] RE: [CAP] RE: CAP-list digest...)

  • 1.  Re: [emergency] Message encryption -- was RE: [emergency-comment] RE: [CAP] RE: CAP-list digest...)

    Posted 03-26-2004 22:02
     MHonArc v2.5.0b2 -->
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    

    emergency message

    [Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


    Subject: Re: [emergency] Message encryption -- was RE: [emergency-comment] RE: [CAP] RE: CAP-list digest...)


    On Mar 24, 2004, at 2:45 PM, Kon Wilms wrote:
    
    > In my personal opinion this is clearly outside the scope of the CAP 
    > message,
    > and any vendor worth their salt should be able to easily pick one of 
    > many
    > standards available to encrypt messages (PKI, symkey, SSL, etc.) where
    > needed, no matter the transport used. You can do this dependent on the
    > transport, or not. Pick your option - pipe or content encryption (or 
    > both).
    > Nothing complex or non-standard for implementation here.
    >
    > Someone mentioned HTTP in a previous post - this is the same concept. 
    > How
    > many servers do you see using self-signed HTML pages with an embedded 
    > hash
    > or such, vs. using SSL to encrypt vanilla HTML pages. A big fat zero.
    
    I completely agree - not part of CAP. That being said, just as using 
    SSL to define/profile "how" pages should be sent securely across HTTP, 
    we do need to address transporting the data to ensure we done a bunch 
    of servers (aka implementations) doing their own thing. Otherwise 
    nothing will work. We need to provide at least some level of guidance.
    
    Allen
    
    --
    R. Allen Wyke
    Chair, OASIS Emergency Management TC
    emergency-tc@earthlink.net
    
    


    [Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]