[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Fwd: Re: Example cpps with encryption requirements
Matt MacKenzie's answer: >Mailing-List: contact ebxml-dev-help@lists.ebxml.org; run by ezmlm >X-No-Archive: yes >List-Post: <mailto:ebxml-dev@lists.ebxml.org> >List-Help: <mailto:ebxml-dev-help@lists.ebxml.org> >List-Unsubscribe: <mailto:ebxml-dev-unsubscribe@lists.ebxml.org> >List-Subscribe: <mailto:ebxml-dev-subscribe@lists.ebxml.org> >Delivered-To: mailing list ebxml-dev@lists.ebxml.org >Cc: ebxml-dev@lists.ebxml.org >From: Matthew MacKenzie <matt@mac-kenzie.net> >Subject: Re: Example cpps with encryption requirements >Date: Tue, 20 Jul 2004 09:12:16 -0300 >To: Bryan Rasmussen <brs@itst.dk> >X-Mailer: Apple Mail (2.618) >X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on > hermes.oasis-open.org >X-Spam-Status: No, hits=0.2 required=7.0 tests=TW_BX,TW_EB autolearn=no > version=2.63 >X-Spam-Level: >X-XWall-Excl: white-list maillist >X-OriginalArrivalTime: 20 Jul 2004 12:14:17.0551 (UTC) >FILETIME=[145285F0:01C46E53] >X-NAS-Bayes: #0: 1.68575E-040; #1: 1 >X-NAS-Classification: 0 >X-NAS-MessageID: 1317 >X-NAS-Validation: {6C6C0D95-D959-4B50-8369-95681D6D69E6} > >You would only publish a CPP if you were looking to pair it with various >partners. Also, the CPP only tells the remote end what is needed to >connect to you securely, it doesn't give you the credentials to do >so. Generally, even endpoints declared in the CPP would likely be >unresolvable outside of the party's extranet VPN, so I don't really see >this as a security hole. It may be a security hole if the interface isn't >actually secured and you were previously relying on obscurity to keep your >network safe. > >Matthew MacKenzie . Sr. Architect . Adobe Systems > >On 20-Jul-04, at 9:01 AM, Bryan Rasmussen wrote: > >> >>Anyone have some example cpps with stringent security requirements, >>detailing encryption algorithms, certificates etc. Also, can't this kind of >>information in a cpp be a security hole? >> >>The ebxml-dev list is sponsored by OASIS <http://www.oasis-open.org> The >>list archives are at http://lists.ebxml.org/archives/ebxml-dev/ >>To subscribe or unsubscribe from this list use the subscription manager: >><http://www.oasis-open.org/mlmanage/> > > >The ebxml-dev list is sponsored by OASIS <http://www.oasis-open.org> The >list archives are at http://lists.ebxml.org/archives/ebxml-dev/ >To subscribe or unsubscribe from this list use the subscription manager: ><http://www.oasis-open.org/mlmanage/> ************************************* Martin Sachs standards architect Cyclone Commerce msachs@cyclonecommerce.com
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]