OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

ebxml-cppa message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: RE: Does CPA support SSL mutual authentication?

> There is no explicit CertificateRef for signing. Presumably, it has to
> be stored at the CollaborationRole level.

Yes there is. The certificateRef under NonRepudiation is for signing.

Dale>> Oops, I remember this now being added. Thanks Chris.

I would agree though that bilateral exchange of certs in SSL
is probably not addressed in the 1.0 spec. A CPA would need
to identify the sender and receiver certs such that both parties
know which certs will be used to authenticate the SSL connection.
A CPP on the other hand should identify only the certificate that
it will use for a given connection, leaving a blank to be
filled in during cpp->cpa negotiation.

Dale>> Need to decide if this is a 1.1 issue soon. 

I think that the CPP/A addresses the ability to use as many
keys for the various functions as deemed necessary. The certificate
which identifies the public/private key pair that is used for
SSL need not be the same as that used for NR or for some other manner
of authentication because the CPP/A does not limit the number of
that may be listed in a CPP/A.

It might be useful to provide (possibly in 1.1 but more likely in
2.0) for each certificate to be accompanied by a purpose or description
that made it clear as to what it represented. This may deserve some

Dale>> Agree, it might make it easier to understand which cert goes
with which security function.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC