Why SSL is not enough?
--- In firstname.lastname@example.org, Kaleem Aziz <kaleemaziz@y...> wrote:
includes strategic business to business integration services. Many
businesses today run RosettaNet over SSL (I'm tempted to say most RN
implementations do but all I can say is 100% of my small sample do).
The article suggests that using SSL makes it impossible to implement
non-repudiation schemes because you can't get at the encrypted bits.
But non-repudiation schemes I have dealt with rely on digesting the
plain text of the message. You can send a signed multipart message or
use XMLDSIG across SSL and that is as reliable a non-repudiation scheme
as any -- you don't need to digest the encrypted bits.
As far as encryption goes, few scenarios gain anything from encrypting
the application level message as opposed to encrypting at the
transport level. The endpoint argument isn't really very interesting.
The article says ISPs often can't set up a multihomed server properly.
Set up a new endpoint or get a competent ISP! And I mean, are you
really running this strategic business app on a multihomed server your