[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Secure ???? over the Internet

To: Dave Darnell <dave_d@xxxxxxxxxxxxx>, Mats Jansson <mjansson@xxxxxxxxxxx>, ietf-ediint@xxxxxxx
Subject: Re: Secure ???? over the Internet
From: Robert Moskowitz <rgm3@xxxxxxxxxxxx>
Date: Tue, 21 May 1996 12:07:46 -0400
Sender: owner-ietf-ediint@xxxxxxx

At 05:01 AM 5/21/96 -0700, Dave Darnell wrote:
>At 06:50 AM 5/21/96 -0400, Robert Moskowitz wrote:
>>At 11:08 PM 5/20/96 -0700, Mats Jansson wrote:
>>>
>>>What more beyond an e-mail address would you need in the scenario we are
>>talking
>>>about (EDI over SMTP)?
>>
>>WAKE UP CALL # 1
>>
>>First of all, our industry may very well NOT USE SMTP, but rather HTTP!
>
>You mean SSL, or SHTTP, or both?  Does not really matter.  I think you could
>be correct for something like "NEW-EDI", but I do believe that "trad-EDI"
>users will migrate to Internet EDI via SMTP/MIME (S-MIME or PGP or MOSS
>,etc) as a natural extension of the "store-and-forward" EDI messaging
>systems they now have in place.

NO!!!!!!!!

Although SSL or SHTTP would be ok for transitioning, there is a very
short-sighted view that privacy is only needed during transport.  Privacy is
also needed for storage for a number of reasons.  

And the auto industry does not use 'Store-and-forward', except for the few
trading partners that use VANs.  It is push-pull and mailboxing.  The
transition to an SMTP method would be a big change for us.

>>WAKE UP CALL # 2
>>
>>Secondly in a message queing EDI network like the one you are proposing
>>based on SMTP, the identifier may well be the trading partner # which might
>>be the ISO ASN.1 WTO code, much like what STEP has decided to use.  It
>>brakes down a lot of international barriers.
>>
>>
>
>It may just be too early (no coffee yet - yes I am a caffeine addict), but
>could you point me to info on STEP?  I am unfamiliar with STEP, or at least
>that part of my brain that is familiar with it is not awake yet.

I am still trying to get the right JTC1/SC designation, but it is CAD math.
So it is kind of important to our industry.  AutoSTEP is of course our
implementation of STEP.  STEP is suppose to work where IGES did not.

>There is no reason to expect that the signature has any relationship with
>>the mail header.  This is part of the reason why I have argued with the
>>S/MIME people that the signature must be hidable in the secure envelope.
>>Which they cannot do.
>>
>
>Just curious -- what is the advantage of hiding the signature/ what are the
>problems with it not being hidden.

The signature may reveal information for traffic analysis during critical
design work and ordering.  It may be the real signature of someone that we
do not want publicly addressable (like the VP of purchasing, say).

BTW, we have no intention of making our EMail addresses readily available to
the public.  You might notice the format of mine.

Robert Moskowitz
Chrysler Corporation
(810) 758-8212

Prev by Date: Re: Decision: Encryption Method/Product
Next by Date: Re: Decision: Encryption Method/Product
Previous by thread: Re: Secure ???? over the Internet
Next by thread: Re: Secure ???? over the Internet
Index(es):
- Date
- Thread