9619Re: [soapbuilders] Re: Super-Encryption AND Digital Signatures
- Dec 3, 2003Quoting Rich Salz <rsalz@...>:
> I'm curious why a standard dsig/enc combination isn't appropriate?There is nothing wrong with the dsig, but it's overhead (and plenty of it).
IMHO, the necessity for large and scaleable secure applications it great. I
don't believe that xml-enc + xml-dsig on a one to many basis will ever be
functionally scaleable (except in name only).
If you take my premise based on an intermediary, then the requirements for
secured/encrypted data are only based on a single and relatively simple
concept. Not to mention the reduction in overhead in the fact the sender and
receiver need not exchange keys. Only the intermediary-2-sender and
intermediary-2-receiver need to exchange public keys, i.e., the intermediary
decrypts the sender's message; then encrypts the message for the receiver.
That scenario to me dramatically increases the scalability of
secured/encrypted interop over an unsecured channel.
- << Previous post in topic Next post in topic >>