emergency message

Subject: Re: [emergency] Message encryption -- was RE: [emergency-comment] RE: [CAP] RE: CAP-list digest...)

From: R. Allen Wyke <emergency-tc@earthlink.net>
To: "Kon Wilms" <kon.wilms@ndsamericas.com>
Date: Fri, 26 Mar 2004 17:17:12 -0500

On Mar 24, 2004, at 2:45 PM, Kon Wilms wrote:

> In my personal opinion this is clearly outside the scope of the CAP 
> message,
> and any vendor worth their salt should be able to easily pick one of 
> many
> standards available to encrypt messages (PKI, symkey, SSL, etc.) where
> needed, no matter the transport used. You can do this dependent on the
> transport, or not. Pick your option - pipe or content encryption (or 
> both).
> Nothing complex or non-standard for implementation here.
>
> Someone mentioned HTTP in a previous post - this is the same concept. 
> How
> many servers do you see using self-signed HTML pages with an embedded 
> hash
> or such, vs. using SSL to encrypt vanilla HTML pages. A big fat zero.

I completely agree - not part of CAP. That being said, just as using 
SSL to define/profile "how" pages should be sent securely across HTTP, 
we do need to address transporting the data to ensure we done a bunch 
of servers (aka implementations) doing their own thing. Otherwise 
nothing will work. We need to provide at least some level of guidance.

Allen

--
R. Allen Wyke
Chair, OASIS Emergency Management TC
emergency-tc@earthlink.net

Follow-Ups:
- RE: [emergency] Message encryption -- was RE: [emergency-comment] RE: [CAP] RE: CAP-list digest...)
  - From: "Kon Wilms" <kon.wilms@ndsamericas.com>

References:
- Message encryption -- was RE: [emergency-comment] RE: [CAP] RE: CAP-list digest...)
  - From: "Kon Wilms" <kon.wilms@ndsamericas.com>