
Why SSL is not enough?

  • Kaleem Aziz
    http://www.xml.com/pub/a/ws/2003/01/15/ends.html
    Message 1 of 2 , May 12, 2003


      Take care.
      Kaleem.
      "Silent wisdom is not wise enough." -- my Theory of Everything.


    • Hugh Winkler
      Message 2 of 2 , May 28, 2003
        --- In rest-discuss@yahoogroups.com, Kaleem Aziz <kaleemaziz@y...> wrote:
        > http://www.xml.com/pub/a/ws/2003/01/15/ends.html


        SSL is just fine for 99.9% of real world applications. And that
        includes strategic business to business integration services. Many
        businesses today run RosettaNet over SSL (I'm tempted to say most RN
        implementations do but all I can say is 100% of my small sample [4] do).

        The article suggests that using SSL makes it impossible to implement
        non-repudiation schemes because you can't get at the encrypted bits.
        But non-repudiation schemes I have dealt with rely on digesting the
        plain text of the message. You can send a signed multipart message or
        use XMLDSIG across SSL and that is as reliable a nonrepudiation scheme
        as any -- you don't need to digest the encrypted bits.

        As far as encryption goes, few scenarios gain anything from encrypting
        the application level message as opposed to encrypting at the
        transport level. The endpoint argument isn't really very interesting.
        The article says ISPs often can't set up a multihomed server properly.
        Set up a new endpoint or get a competent ISP! And I mean, are you
        really running this strategic business app on a multihomed server your
        ISP configures?


        Hugh
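
The arrangement described in the reply above (sign the plain text, then send it across an encrypted channel), as an added example that is not part of the original thread. It assumes an Ed25519 signing key and uses AES-256-GCM as a constructed stand-in for the SSL session; all function names are hypothetical.

```javascript
// Added example: application-level signature carried over an encrypted transport.
// AES-256-GCM is a constructed stand-in for the SSL session (assumption).
const crypto = require('node:crypto');

// Sender's long-term signing key pair (Ed25519 chosen for brevity; assumption).
const sender = crypto.generateKeyPairSync('ed25519');

// Sender: sign the exact plaintext bytes, then bundle message and signature.
function signMessage(plaintext, privateKey) {
  const body = Buffer.from(plaintext, 'utf8');
  const signature = crypto.sign(null, body, privateKey); // Ed25519 digests internally
  return { body: body.toString('base64'), signature: signature.toString('base64') };
}

// Stand-in for the SSL channel: encrypts the whole envelope for one hop.
function transportEncrypt(envelope, sessionKey) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', sessionKey, iv);
  const ct = Buffer.concat([cipher.update(JSON.stringify(envelope), 'utf8'), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

function transportDecrypt(record, sessionKey) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', sessionKey, record.iv);
  decipher.setAuthTag(record.tag);
  const pt = Buffer.concat([decipher.update(record.ct), decipher.final()]);
  return JSON.parse(pt.toString('utf8'));
}

// Receiver, or a later arbiter: needs only the plaintext, signature and public key.
function verifyEnvelope(envelope, publicKey) {
  return crypto.verify(null, Buffer.from(envelope.body, 'base64'),
                       publicKey, Buffer.from(envelope.signature, 'base64'));
}

// Constructed sample exchange.
function demo() {
  const sessionKey = crypto.randomBytes(32); // transport key, discarded after the session
  const sent = signMessage('<PurchaseOrder id="42"/>', sender.privateKey);
  const received = transportDecrypt(transportEncrypt(sent, sessionKey), sessionKey);
  const archivedOk = verifyEnvelope(received, sender.publicKey); // no session state used
  const altered = { ...received, body: Buffer.from('<PurchaseOrder id="43"/>').toString('base64') };
  return { archivedOk, alteredOk: verifyEnvelope(altered, sender.publicKey) };
}
```

The signature covers the exact bytes of the body, so the receiver must archive those bytes unchanged; re-serialising the message before verification would break it.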