[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Coimpression for ebMS 3.0 and CPPA 2.1/3.0 discussion RE: [ebxml-dev] compression and encryption of payloads
I am sending these remarks to the CPPA TC
that is currently working on an update and maintenance version for CPPA (2.1
and/or 3.0 level) Certainly the Packaging option in CPP/CPA
exists now for some ways of specifying compression but it would be done as a
matter of bilateral agreement, and not as a described option of ebMS. Full
support for the Packaging element would not be difficult to add if it were tied
to user interest. So I will also send your discussion to the
ebMS TC that is trying to advance to a Committee Specification in the next
weeks. Dale Moberg Cyclone/Axway Office of the CTO, Chief Architect From: Torsten Kirschner
[mailto:torsten.kirschner@sandbox.no] Hi, I agree with Srinivas, but would like to
add the following observations. CMS-based S/MIME lacks an automagic,
transparent compression as PGP offers out of the box. As Srinivas points out,
doing several operations like signing, compression or encryption on the same
cleartext result in nested MIME bodyparts. By the way, encryption followed by
compression is supposedly counter-productive with regard to the latter. Case
(1) should therefor be avoided. * Compression can be done as Srinivas
outlines, but there are other alternatives. Newer CMS and S/MIME versions offer the
CompressedData [RFC3274] / Content-Type: application/pkcs7-mime;
smime-type=compressed-data [RFC3851]. Other standards, like EDI-INT, RFC3854 and
ENV13608-2 also describe ways of doing this. Unfortunately, ENV13608-2 is not very
clear and I have come to the conclusion that the resulting
implementations used around here is simply incorrect or at least highly
proprietary. RFC2634 on the other hand is a good
example of both how something should be described and illustrated. * From an ebXML perspective, this issue
should be very simple. In version 2.0 of the CPA standard, all of this is
addressed in the Packaging section. However, I am not aware of any
implementation actually using this element. Since transmitting messages securely
turned out to be a major argument for ebXML, I suggest the ebMS 2.0 appendix C
"Supported Security Services" should be ammended with a detailed,
standard description of how these are implemented. Especially profile 13, not
limited to XML-security, but also using S/MIME, preferably S/MIME v3.1. I see that the ebMS version 3.0 addresses
some of these issues, but merely changing the syntax and its location may not
suffice. I'll see what I can come up with to
contribute. best regards Torsten
Fra: Srinivas
[mailto:Srinivas@crimsonlogic.com] Hi, To my knowledge the payload(s) will be added to the ebXML
message by warping with the Mime Object, this object will be then (1) Encrypted
and then compressed and added to ebXML payload part Or (2) Compressed
and then encrypted and added to ebXML payload part. Case (1) If the object is first encrypted the mime
header will be */pkcs7-mime and then you will compress the
message, when adding the compressed message to ebXML SOAP message this will have
the content type as */gzip. So, once you receive any Mime message with this
case, then the mime message extraction should do a recursive check, means first
extraction will give you the gzip content type, once this is Identified then
the extracted object is Mime Object again check the content type again this
will give the content type as */pkcs7-mime, once identified then decrypt the
message. Case(2) Similarly first compress the mime message this will generate
the content type as */gzip, after compress then create another Mime which will
be encrypt the gzip content, this will mime will have the content type as
*/pkcs7-mime, while extracting the payload you have to first extract the
encrypted messages and then extract the gzip message. Hope this won’t confuse you. Regards, Srinivas. From: Vishal Sinha
[mailto:sinhavis@gmail.com] Hi everyone, I have one question on ebXML. If someone can reply that will be good
help. 1) The payloads in ebXML can be encrypted and compressed. When my
application receives the ebXML message, it checks the content-type of
that payload, if it is */gzip, it concludes that the payload is compressed and
if it is */pkcs7-mime it concludes that the payloads is encrypted using smime. Now, the question is what content-type to use if the payload is both
encrypted and compressed ? [...] |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]