[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: [ebxml-iic] Issues from the CPPA database related to iic
1) Category Security Submitter Collier Issue ID 97 Issue Encouragement of selected protocols Description In order to encourage maximum interoperability, the following standard mechanisms are identified and vendors are encouraged to implement them: · When exchanging identity information, use X.509v3 Certificates that follow the IETF profile (RFC2459 and its successors). [PKIX] · When symmetric-key encryption is needed, use 3DES or the AES. · When asymmetric encryption is needed, use RSA encryption with the OAEP encryption scheme and a key size of 1024 or 2048 bits. · When hashing (or digesting) is needed, use SHA-1. When transport-level security is required, use SSLv3 or TLS with RSA keys and the RC4 (or ARC4) stream cipher. Location Origin ebXML Technical Architecture Risk Date of Origin Reference Status Target Version 1.1 Responsible Party Notes Out of scope; forward to suitable group such as IIC 2) Category BPSS Submitter Sachs Issue ID 135 Issue Technical report on interoperability across Messaging, BPSS and CPPA specs Description We might want to consider a technical report on interoperability across the Messaging, BPSS and CPPA specifications. Dale agreed with the idea and felt that someone needs to draft it, but wasn't sure who. Location Origin call Date of Origin 8/6/2001 Reference Status Target Version 1.1 Responsible Party Unal Notes Contribute to work of IIC (M. Wang) 3) Category Messaging Submitter Sachs Issue ID 135 Issue Technical report on interoperability across Messaging, BPSS and CPPA specs Description We might want to consider a technical report on interoperability across the Messaging, BPSS and CPPA specifications. Dale agreed with the idea and felt that someone needs to draft it, but wasn't sure who. Location Origin call Date of Origin 8/6/2001 Reference Status Target Version 1.1 Responsible Party Unal Notes Contribute to work of IIC (M. Wang) 4) Category Security Submitter Collier Issue ID 96 Issue Key Management Description Key management is a major issue that needs to be addressed with respect to the capabilities of the TR& P Message Service Handler. In particular, if the MSH will be called upon to apply digital signatures, the appropriate private keys must be available to the MSH. Private keys must be managed very carefully and deliberately. Thus, some configuration will be necessary to establish the key management mechanisms to be used by the MSH. Location Origin ebXML Technical Architecture Risk Date of Origin Reference Status Target Version Responsible Party Notes "IIC best practices" 5) Category Messaging Submitter Sachs Issue ID 133 Issue Clarify MSH, Middleware, and their relationship Description Marty wants to make sure that we distinguish between the formal definition of MSH [editorial: which is not entirely clear] and related middleware. … Returning to syntax checking as part of receipt acknowledgement, it was mentioned that the MSH could provide a plug in. This again raises questions about the scope of MSH and division of labor among middleware components. Someone (Engkee?) asked if the Interoperability committee might address such Location Origin call Date of Origin 8/6/2001 Reference Status Target Version 1.1 Responsible Party Notes
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC