[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [emergency] CAP and Signatures/Encryption
Carl Reed wrote: > the S/MIME electronic mail security protocol that is widely > implemented in commercial mail agents. S/MIME would, of course, be a good protocol to use if the transport mechanism for the CAP message was email. This is an example of the "channel" or "transport" providing signature and or encryption mechanisms external to the CAP message itself. However, we should not hold out a great deal of hope for S/MIME use. The problem is that S/MIME has simply not been adopted as widely as it could have been even though it has been defined and implemented for a very long time (I managed the first commercial implementation of S/MIME back in 1995 and the current chair of the IETF working group is the guy I assigned to the project almost a decade ago!) The lack of S/MIME adoption and or use has been a real disappointment and it would be great to see efforts to popularize it. However, it undoubtedly isn't within the charter of the CAP group to do the necessary evangelizing. >IPSEC .. IPSEC is another example of mechanisms which are best used at a "channel" or "transport" level. As such it isn't really relevant to the question of how one provides signatures or encryption within a CAP message. Other examples of channel based mechanism include, of course, the WS-Security stuff which would be appropriate if SOAP were being used as the transport. Also, TLS/SSL would be appropriate for use with transport mechanisms such as HTTP (including SOAP over HTTP), BEEP, various other socket oriented protocols, etc. However, while there are quite a variety of transport/channel specific methods to choose from, the W3C Recommendations are the accepted mechanisms for providing signatures and encryption *within* XML messages. bob wyman
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]