MHonArc v2.5.2 -->

















ebxml-msg message






[Date Prev]
 | [Thread Prev]
 | [Thread Next]
 | [Date Next]

--

[Date Index]
 | [Thread Index]
 | [Elist Home]








Subject: RE: [ebxml-msg] What Next?




From: Dick Brooks <dick@systrends.com>
To: Cliff Collins <collinsc@sybase.com>,David Fischer <david@drummondgroup.com>, ian.c.jones@bt.com,ebxml-msg@lists.oasis-open.org
Date: Thu, 11 Apr 2002 13:30:01 -0500






Title: RE: [ebxml-msg] What Next?



Cliff, my responses are inline:
 
>3 reasons. 

 

>1. This doesn't encode the SOAP 
Envelope. If you
> want 
to obscure this information (the manifest 

> 
information, etc) you need to encrypt the entire 

> 
message.
 
Actually, all HTTP headers and data, which 
includes the entire ebXML message, are encrypted within an SSL/TLS 
session.
 
>2. What about 
SMTP?
 
Appendix B of the ebMS spec addresses this, 
ref:


An ebXML 
Message Service Handler MAY use transport layer encryption to protect the 
confidentiality of ebXML messages.  
The IETF "SMTP Service Extension for Secure SMTP over TLS" specification 
[RFC2487] provides the specific technical details and list of allowable options, 
which may be used. 
 
Note: RFC2487 has been replaced by 
RFC3207, 
ftp://ftp.isi.edu/in-notes/rfc3207.txt
 
 
>3. What 
about multihop? Maybe you don't 
want 
>the 
information available at the intermediate 
hop.
 
It would seem to me that an intermediary needs access 
to the ebXML header information in order to perform it's role as an 
intermediary. Clearly one may not want an intermediary to have access to the 
business data contained in the payload container and that should be encrypted 
using PGP or S/MIME or something 
else.
 
 
Dick Brooks
Systrends, Inc
7855 South River Parkway, 
Suite 111
Tempe, Arizona 85284
Web: www.systrends.com <http://www.systrends.com>
Phone:480.756.6777,Mobile:205-790-1542,eFax:240-352-0714