RE: EDI over http
> From: "Shih,Chuck" <Chuck.Shih@xxxxxxxxxxx>
> I agree with your comments except that SSL can provide "non-repudiation"
> of origin.
To elaborate: SSL would prove that I initiated a connection at a
certain time. The same login ID might be used to send several
transactions back and forth. The connection-signature applies to
only the initiation of the session or session sequence, not the
content of subsequent transactions.
In other words, an SSL signature log couldn't distinguish between me
downloading the home page, and sending a purchase order.
Signatures sent at the end of a session which include the MIC MD5/SHA
codes of the content would provide non-repudiation of the
transactions, but SSL has no provisions for exchanging such
signatures. (It's a simple extension, though, which would be good for
AS#3-- SSL EDI. :-)
--------------------------------------------------------------------------
Carl Hage C. Hage Associates
<mailto:carl@xxxxxxxxx> Voice/Fax: 1-408-244-8410 1180 Reed Ave #51
<http://www.chage.com/chage/> Sunnyvale, CA 94086
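
The end-of-session signature over content MICs described in the message above, as an added example that is not part of the original post or of any AS specification. It assumes SHA-256 in place of the MD5/SHA digests mentioned and Ed25519 as the signature scheme; the function names, the all-zero demo key and the sample transactions are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// SignSessionMICs computes a MIC (SHA-256 digest) for each transaction body and
// signs the concatenated digests once, at the end of the session.
func SignSessionMICs(priv ed25519.PrivateKey, txs [][]byte) (mics [][32]byte, sig []byte) {
	var transcript []byte
	for _, tx := range txs {
		d := sha256.Sum256(tx)
		mics = append(mics, d)
		transcript = append(transcript, d[:]...)
	}
	return mics, ed25519.Sign(priv, transcript)
}

// VerifyTransaction checks that content is transaction i of the signed session.
func VerifyTransaction(pub ed25519.PublicKey, mics [][32]byte, sig []byte, i int, content []byte) bool {
	if i < 0 || i >= len(mics) || sha256.Sum256(content) != mics[i] {
		return false
	}
	var transcript []byte
	for _, d := range mics {
		transcript = append(transcript, d[:]...)
	}
	return ed25519.Verify(pub, transcript, sig)
}

// Demo returns the results for: genuine purchase order, altered order, swapped MIC.
func Demo() (bool, bool, bool) {
	seed := make([]byte, ed25519.SeedSize) // constructed all-zero seed, demo only
	priv := ed25519.NewKeyFromSeed(seed)
	pub := priv.Public().(ed25519.PublicKey)
	txs := [][]byte{[]byte("GET /index.html"), []byte("PO#1001 qty=10 item=widget")}
	bad := []byte("PO#1001 qty=1000 item=widget") // constructed altered order
	mics, sig := SignSessionMICs(priv, txs)
	genuine := VerifyTransaction(pub, mics, sig, 1, txs[1])
	altered := VerifyTransaction(pub, mics, sig, 1, bad)
	forged := append([][32]byte{}, mics...)
	forged[1] = sha256.Sum256(bad) // receiver rewrites the MIC list to match
	swapped := VerifyTransaction(pub, forged, sig, 1, bad)
	return genuine, altered, swapped
}

func main() { fmt.Println(Demo()) }
```

Unlike a session-initiation log, the signed MIC list tells the home-page fetch and the purchase order apart, and neither the order content nor its MIC can be changed without invalidating the signature.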