[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [emergency] Message encryption -- was RE: [emergency-comment] RE: [CAP] RE: CAP-list digest...)
On Mar 24, 2004, at 2:45 PM, Kon Wilms wrote: > In my personal opinion this is clearly outside the scope of the CAP > message, > and any vendor worth their salt should be able to easily pick one of > many > standards available to encrypt messages (PKI, symkey, SSL, etc.) where > needed, no matter the transport used. You can do this dependent on the > transport, or not. Pick your option - pipe or content encryption (or > both). > Nothing complex or non-standard for implementation here. > > Someone mentioned HTTP in a previous post - this is the same concept. > How > many servers do you see using self-signed HTML pages with an embedded > hash > or such, vs. using SSL to encrypt vanilla HTML pages. A big fat zero. I completely agree - not part of CAP. That being said, just as using SSL to define/profile "how" pages should be sent securely across HTTP, we do need to address transporting the data to ensure we done a bunch of servers (aka implementations) doing their own thing. Otherwise nothing will work. We need to provide at least some level of guidance. Allen -- R. Allen Wyke Chair, OASIS Emergency Management TC emergency-tc@earthlink.net
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]