[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [cti-taxii] HTTPs
Signed messages + enforced encryption? That's even more load on development. Please, let's lighten the load on developers. (I have enough XML-DSIG scars already, thank you.)
Terry, I like your idea. Certification bodies can add whatever arbitrary requirements they want. If developers care about getting their systems certified by the Secret Squirrel Club, then they can pay the extra cost to implement the Nut Cracking Encryption requirement. If they don't care about that certification, they're not forced to do extra busywork. (That way, you get somewhat of a Free Market Effect going.)
JSA
From: Adam Cooper <adam.cooper@digital.cabinet-office.gov.uk>
Sent: Monday, February 22, 2016 4:28 AM To: Terry MacDonald Cc: John Anderson; Jordan, Bret; Jason Keirstead; cti-taxii@lists.oasis-open.org Subject: Re: [cti-taxii] HTTPs As a further thought on the data integrity theme - HTTPS / TSL is arguably not strong enough anyway and we should also consider cryptographically signing messages negating as well as protecting the transport layer.
On 22 February 2016 at 09:13, Adam Cooper
<adam.cooper@digital.cabinet-office.gov.uk> wrote:
Adam Cooper
Identity Assurance Programme
Government Digital Service
125 Kingsway, London, WC2B 6NH
Tel: 07973 123 038
official sensitive:
adam.cooper@govdigital.gsi.gov.uk
|
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]