OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

ebxml-cppa message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Fwd: Re: Example cpps with encryption requirements

Matt MacKenzie's answer:

>Mailing-List: contact ebxml-dev-help@lists.ebxml.org; run by ezmlm
>X-No-Archive: yes
>List-Post: <mailto:ebxml-dev@lists.ebxml.org>
>List-Help: <mailto:ebxml-dev-help@lists.ebxml.org>
>List-Unsubscribe: <mailto:ebxml-dev-unsubscribe@lists.ebxml.org>
>List-Subscribe: <mailto:ebxml-dev-subscribe@lists.ebxml.org>
>Delivered-To: mailing list ebxml-dev@lists.ebxml.org
>Cc: ebxml-dev@lists.ebxml.org
>From: Matthew MacKenzie <matt@mac-kenzie.net>
>Subject: Re: Example cpps with encryption requirements
>Date: Tue, 20 Jul 2004 09:12:16 -0300
>To: Bryan Rasmussen <brs@itst.dk>
>X-Mailer: Apple Mail (2.618)
>X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on
>         hermes.oasis-open.org
>X-Spam-Status: No, hits=0.2 required=7.0 tests=TW_BX,TW_EB autolearn=no
>         version=2.63
>X-Spam-Level:
>X-XWall-Excl: white-list maillist
>X-OriginalArrivalTime: 20 Jul 2004 12:14:17.0551 (UTC) 
>FILETIME=[145285F0:01C46E53]
>X-NAS-Bayes: #0: 1.68575E-040; #1: 1
>X-NAS-Classification: 0
>X-NAS-MessageID: 1317
>X-NAS-Validation: {6C6C0D95-D959-4B50-8369-95681D6D69E6}
>
>You would only publish a CPP if you were looking to pair it with various 
>partners.  Also, the CPP only tells the remote end what is needed to 
>connect to you securely, it doesn't give you the credentials to do 
>so.  Generally, even endpoints declared in the CPP would likely be 
>unresolvable outside of the party's extranet VPN, so I don't really see 
>this as a security hole.  It may be a security hole if the interface isn't 
>actually secured and you were previously relying on obscurity to keep your 
>network safe.
>
>Matthew MacKenzie . Sr. Architect . Adobe Systems
>
>On 20-Jul-04, at 9:01 AM, Bryan Rasmussen wrote:
>
>>
>>Anyone have some example cpps with stringent security requirements,
>>detailing encryption algorithms, certificates etc. Also, can't this kind of
>>information in a cpp be a security hole?
>>
>>The ebxml-dev list is sponsored by OASIS <http://www.oasis-open.org> The
>>list archives are at http://lists.ebxml.org/archives/ebxml-dev/
>>To subscribe or unsubscribe from this list use the subscription manager:
>><http://www.oasis-open.org/mlmanage/>
>
>
>The ebxml-dev list is sponsored by OASIS <http://www.oasis-open.org> The
>list archives are at http://lists.ebxml.org/archives/ebxml-dev/
>To subscribe or unsubscribe from this list use the subscription manager: 
><http://www.oasis-open.org/mlmanage/>

*************************************
Martin Sachs
standards architect
Cyclone Commerce
msachs@cyclonecommerce.com

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]