
RE: EDI over http?



Using HTTP POST over SSL does require client to server authentication,
but there is no reason why the client side can't actually be a server -
we therefore have server-to-server authentication using SSL.  Am I
missing something here??

>-----Original Message-----
>From:	chucks@xxxxxxxxxxxxx [SMTP:chucks@xxxxxxxxxxxxx]
>Sent:	Monday, June 23, 1997 12:24 AM
>To:	Matthew James Gering
>Cc:	ietf-ediint@xxxxxxx
>Subject:	Re: EDI over http?
>
>Matt,
>
>I'm looking over the SSL3 protocol spec and there definitely is
>something client side and server side about it. For instance this is the
>possible message flow defined for the SSL handshake:
>
>
>CLIENT                     SERVER
>
>ClientHello --------------> ServerHello
>                            Certificate
>                            CertificateRequest
>                            ServerKeyExchange
>            <--------------
>
>Certificate
>ClientKeyExchange
>CertificateVerify
>change cipher spec
>Finished------------------->change cipher spec
>    |                        Finished
>    |                            |
>    |                            |
>    |                            |
>    |                            |
>    |                            |
>    V                            V
>
>   application <-------------> application 
>      data                       data 
>
>
>Matthew James Gering wrote:
>> 
>> SSL is end-to-end session encryption -- there is nothing client-side or
>> server-side about it.
>> 
>> If you are referring to the X.509 certificate on the server used for server
>> identity verification, X.509 certificates are also supported on the client
>> for client identity verification and security login by most web servers.
>> 
>>         Matt
>> 
>> > Since EDI is generally server to server, doesn't adopting a http/SSL
>> > transport also imply that the client side http/SSL implementation be
>> > done on the server side as well?
>> >
>> > For instance, the browser will implement the client side SSL functions
>> > such as server certificate authentication, etc. In the situation where
>> > there is no browser, and a server needs to send the EDI file to another
>> > server, doesn't the sending server need to implement the http/SSL client
>> > side dialogues?
>> >
>> > Does this mean that companies would need to go to the expense of
>> > creating a "customised" http/SSL server to support client side
>> > functionality?
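
Added example, not part of the original messages: a Python check, run over the cleartext handshake records of one connection, that the client side (which may itself be an EDI server) really was authenticated, using the handshake messages named in the quoted flow. The function names and the sample byte strings are constructed for illustration; the message type codes are the standard SSL 3.0 / TLS ones.

```python
import struct

# Handshake message type codes shared by SSL 3.0 and TLS 1.0-1.2.
HS = {1: "ClientHello", 2: "ServerHello", 11: "Certificate",
      12: "ServerKeyExchange", 13: "CertificateRequest", 14: "ServerHelloDone",
      15: "CertificateVerify", 16: "ClientKeyExchange", 20: "Finished"}

def handshake_messages(stream: bytes):
    """Return [(name, body)] for the cleartext handshake messages sent in one direction."""
    buf, pos = b"", 0
    while pos + 5 <= len(stream):
        ctype, _version, length = struct.unpack_from("!BHH", stream, pos)
        payload = stream[pos + 5:pos + 5 + length]
        if len(payload) < length:
            raise ValueError("truncated record")
        pos += 5 + length
        if ctype == 20:      # change cipher spec: later records are encrypted
            break
        if ctype == 22:      # handshake record; a message may span records
            buf += payload
    out, i = [], 0
    while i + 4 <= len(buf):
        mlen = int.from_bytes(buf[i + 1:i + 4], "big")
        out.append((HS.get(buf[i], f"type_{buf[i]}"), buf[i + 4:i + 4 + mlen]))
        i += 4 + mlen
    return out

def client_authenticated(from_client: bytes, from_server: bytes) -> bool:
    """True only if the server sent CertificateRequest and the client answered
    with a non-empty chain plus CertificateVerify (proof of key possession)."""
    server = dict(handshake_messages(from_server))
    client = dict(handshake_messages(from_client))
    # The Certificate body starts with a 3-byte chain length. A missing message
    # (SSL 3.0 sends an alert instead) or length 0 both mean "no certificate".
    chain_len = int.from_bytes(client.get("Certificate", b"\0\0\0")[:3], "big")
    return ("CertificateRequest" in server and chain_len > 0
            and "CertificateVerify" in client)

# Constructed sample flights: correct framing, dummy message bodies.
def hs_msg(mtype, body):
    return bytes([mtype]) + len(body).to_bytes(3, "big") + body
def record(ctype, data):
    return struct.pack("!BHH", ctype, 0x0300, len(data)) + data

SERVER = record(22, hs_msg(2, b"sh") + hs_msg(11, b"\0\0\2sc") + hs_msg(13, b"cr") + hs_msg(14, b""))
CLIENT_MUTUAL = (record(22, hs_msg(1, b"ch")) + record(22, hs_msg(11, b"\0\0\2cc")
                 + hs_msg(16, b"k") + hs_msg(15, b"sig")) + record(20, b"\1") + record(22, b"enc"))
CLIENT_NO_CERT = (record(22, hs_msg(1, b"ch")) + record(22, hs_msg(11, b"\0\0\0")
                  + hs_msg(16, b"k")) + record(20, b"\1") + record(22, b"enc"))
```

A connection where this returns False was encrypted and server-authenticated only, so the receiving side still has to identify the sender some other way.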