OASIS Emergency Management TC

RE: [emergency] CAP and Signatures/Encryption

  • 1.  RE: [emergency] CAP and Signatures/Encryption

    Posted 01-25-2005 16:32
     MHonArc v2.5.0b2 -->
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    

    emergency message

    [Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


    Subject: RE: [emergency] CAP and Signatures/Encryption


    Carl Reed wrote:
    > the S/MIME electronic mail security protocol that is widely 
    > implemented in commercial mail agents.
    	S/MIME would, of course, be a good protocol to use if the transport
    mechanism for the CAP message was email. This is an example of the "channel"
    or "transport" providing signature and or encryption mechanisms external to
    the CAP message itself. 
    	However, we should not hold out a great deal of hope for S/MIME use.
    The problem is that S/MIME has simply not been adopted as widely as it could
    have been even though it has been defined and implemented for a very long
    time (I managed the first commercial implementation of S/MIME back in 1995
    and the current chair of the IETF working group is the guy I assigned to the
    project almost a decade ago!) The lack of S/MIME adoption and or use has
    been a real disappointment and it would be great to see efforts to
    popularize it. However, it undoubtedly isn't within the charter of the CAP
    group to do the necessary evangelizing.
    
    >IPSEC ..
    	IPSEC is another example of mechanisms which are best used at a
    "channel" or "transport" level. As such it isn't really relevant to the
    question of how one provides signatures or encryption within a CAP message.
    
    	Other examples of channel based mechanism include, of course, the
    WS-Security stuff which would be appropriate if SOAP were being used as the
    transport. Also, TLS/SSL would be appropriate for use with transport
    mechanisms such as HTTP (including SOAP over HTTP), BEEP, various other
    socket oriented protocols, etc.
    	However, while there are quite a variety of transport/channel
    specific methods to choose from, the W3C Recommendations are the accepted
    mechanisms for providing signatures and encryption *within* XML messages.
    
    		bob wyman
    
    
    


    [Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]