[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Secure ???? over the Internet

To: Robert Moskowitz <rgm3@xxxxxxxxxxxx>, Mats Jansson <mjansson@xxxxxxxxxxx>, ietf-ediint@xxxxxxx
Subject: Re: Secure ???? over the Internet
From: Dave Darnell <dave_d@xxxxxxxxxxxxx>
Date: Tue, 21 May 1996 09:46:18 -0700
Sender: owner-ietf-ediint@xxxxxxx

At 12:07 PM 5/21/96 -0400, Robert Moskowitz wrote:
>>
>>You mean SSL, or SHTTP, or both?  Does not really matter.  I think you could
>>be correct for something like "NEW-EDI", but I do believe that "trad-EDI"
>>users will migrate to Internet EDI via SMTP/MIME (S-MIME or PGP or MOSS
>>,etc) as a natural extension of the "store-and-forward" EDI messaging
>>systems they now have in place.
>
>NO!!!!!!!!
>
>Although SSL or SHTTP would be ok for transitioning, there is a very
>short-sighted view that privacy is only needed during transport.  Privacy is
>also needed for storage for a number of reasons.  
>
>And the auto industry does not use 'Store-and-forward', except for the few
>trading partners that use VANs.  It is push-pull and mailboxing.  The
>transition to an SMTP method would be a big change for us.
>

OK, I see where you are coming from -- many FORTUNE 1000 level corporations
probably operate as HUBs and own their own EDI GATEWAY SYSTEM that SPOKE
TP's can log into and retrieve/deposit their EDI transactions.

I can see where FTP with Kerberos and encrypted EDI files would be the
easiest way for a HUB to migrate to Internet EDI, and not store-and-forward
oriented SMTP/MIME.

In that case --- use PGP to encrypt your files and allow users to log into a
Kerberos protected FTP EDI Application Server.

But I still think that SMTP/MIME is the way to go in order to roll out EDI
to the 95% of our 6 million Small to Medium sized Enterprises (SME's) that
do not have EDI now.  E-mail is easy, cost effective and requires a minimum
of training/support.  Of course you could argue for FTP/HTTP like this also.

SO what is the answer - don't ask me - I am just a dumb Texan stuck in the
Arizona desert (I like it here - it's a "dry heat"!)  :-)

>>
>>Just curious -- what is the advantage of hiding the signature/ what are the
>>problems with it not being hidden.
>
>The signature may reveal information for traffic analysis during critical
>design work and ordering.  It may be the real signature of someone that we
>do not want publicly addressable (like the VP of purchasing, say).
>
>BTW, we have no intention of making our EMail addresses readily available to
>the public.  You might notice the format of mine.
>
>Robert Moskowitz
>Chrysler Corporation
>(810) 758-8212

I understand the point here now. Large corporate and government security
needs and concerns are vastly different from SME's, something I have a
tendency to forget from time-to-time.  

Thanks for the info Robert!

Regards,
dave_d
======================================
|   David Darnell              
|   SysTrends, Inc.             
|   Arizona EC/EDI Roundtable   
|   1850 East Carver Road       
|   Tempe, AZ 85284             
|   Tel (602)838-5316           
|   Fax (602)897-8032           
|   mailto://dave_d@systrends.com        
======================================

Prev by Date: Re: Internet Security
Next by Date: Re: Secure ???? over the Internet
Previous by thread: Re: Secure ???? over the Internet
Next by thread: Re: Secure ???? over the Internet
Index(es):
- Date
- Thread