[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Problem with Non Repudiation over a Synchronous Delivery Channel
Dale and Chris: The CertificateRef under NonRepudiation is presumably the certificate used by the sender for signing. What happens if syncReplyMode is set to something other than None? In that case, the receiver (responder) has to deliver the response document over the same channel. Where is the CertificateRef for signing by the responder? Cheers, -Arvola -----Original Message----- From: Dale Moberg <dmoberg@cyclonecommerce.com> To: christopher ferris <chris.ferris@east.sun.com>; Arvola Chan <arvola@tibco.com> Cc: ebxml-cppa@lists.oasis-open.org <ebxml-cppa@lists.oasis-open.org> Date: Tuesday, August 21, 2001 1:31 PM Subject: RE: Does CPA support SSL mutual authentication? > There is no explicit CertificateRef for signing. Presumably, it has to > be stored at the CollaborationRole level. Yes there is. The certificateRef under NonRepudiation is for signing. Dale>> Oops, I remember this now being added. Thanks Chris. I would agree though that bilateral exchange of certs in SSL is probably not addressed in the 1.0 spec. A CPA would need to identify the sender and receiver certs such that both parties know which certs will be used to authenticate the SSL connection. A CPP on the other hand should identify only the certificate that it will use for a given connection, leaving a blank to be filled in during cpp->cpa negotiation. Dale>> Need to decide if this is a 1.1 issue soon. I think that the CPP/A addresses the ability to use as many keys for the various functions as deemed necessary. The certificate which identifies the public/private key pair that is used for SSL need not be the same as that used for NR or for some other manner of authentication because the CPP/A does not limit the number of certificates that may be listed in a CPP/A. It might be useful to provide (possibly in 1.1 but more likely in 2.0) for each certificate to be accompanied by a purpose or description that made it clear as to what it represented. This may deserve some consideration. Dale>> Agree, it might make it easier to understand which cert goes with which security function.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC