AS3 Discusion - Section 8 - Public key certificate handling

["Terry Harding" <tharding@xxxxxxxxxxxxxxxxxxx>]

Open for discussion

8.  Public key certificate handling

     In the near term, the exchange of public keys and certification of 
     these keys must be handled as part of the process of establishing a

     trading partnership. The UA and/or EDI application interface must 
     maintain a database of public keys used for encryption or 
     signatures, in addition to the mapping between EDI trading partner 
     ID and FTP URL/URI. The procedures for establishing a trading 
     partnership and configuring the secure EDI messaging system might 
     vary among trading partners and software packages. 

     X.509 certificates are REQUIRED. It is RECOMMENDED that trading 
     partners self-certify each other if an agreed upon certification 
     authority is not used. This applicability statement does NOT
require 
     the use of a certification authority. 

     The use of a certification authority is therefore OPTIONAL. 
     Certificates may be self-signed. It is RECOMMENDED that when
trading 
     partners are using S/MIME, that they also exchange public key 
     certificates using the recommendations specified in the S/MIME 
     Version 3 Message Specification. 

     The message formats and S/MIME conformance requirements for 
     certificate exchange are specified in this document. In the long 
     term, additional Internet-EDI standards may be developed to
simplify 
     the process of establishing a trading partnership, including the 
     third party authentication of trading partners, as well as 
     attributes of the trading relationship.
 *****************************************************

Terry Harding
Cyclone Commerce Inc.