[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Message From KO/Office

To: mark.hughes@xxxxxxxxxxxx, ietf-ediint@xxxxxxx
Subject: Re: Message From KO/Office
From: drickards@xxxxxxxxxxxx (Dale Rickards)
Date: Wed, 22 May 1996 15:14:39 -0400 (EDT)
Sender: owner-ietf-ediint@xxxxxxx

Mark,

Thanks for your input.  I don't feel that my work on X12.58 was done invane.
I understand your points and they are all valid.  I think what is important
here is that we allow users of the system to choose which security algorithm
they want to use rather then us dictate a specific one.  The beautiy of
X12.58 is that it allows you to choose which ever algorithm you want.  Then
when the security is applied to the EDI transaction set that security method
is identified so that the receiver is aware which method was used.  This
allows for quick modifications if the security algorithm is somehow broken
by a third party. 

Us people in the EDI world sometimes forget about other issues in the real
world.  Although I would like to point out that by dictating that  security
in the internet must use one security method (ie. PGP) then you are also
forcing them to use one algorithm (ie RSA ).  (( This is from my
understanding of PGP.... It may not be correct)).  

This forces users of the system to use a proprietary solution and if by any
chance the RSA algorithm is some how cracked then they cannot switch quickly.

Paranoia sets in..... Dale

_______________________________________________________________________________
>
>Dale,
>as a business user of both EDI and E-mail with our Trading Partners,
>we will not use one data encryption method for EDI (X12.58) and a
>different one for E-mail.
>And we will progess to sending all our EDI as e-mail to e-mail
>addresses as well; we have no interest in sending over a proprietary
>VAN using proprietary addressing (some funny characters in the ISA
>or UNB segments) when we can send it on the Internet.
>We have 100,000 business customers here in Australia, and hundreds
>of thousands more in other countries.  Many of them are small
>organisations (1-10 people total, no IS department).  The idea that
>they are going to use encryption method A for their email and method
>B for EDI is, to put it kindly, a poor joke.  Its the sort of
>solution that big companies with lots of IS resources come up with.
>EDI is just e-mail.  Sure, its application to application rather
>than person to person, but its just e-mail.  And we need a simple
>encryption method that is consistent so our customers' off the shelf
>e-mail package can receive a person to person or application to
>application message and decrypt it.
>So encryption of just part of the EDI message is a solution with no
>long term future for 99.9 percent of businesses around the world.
>If that means that all the good work you did on X12.58 while at
>Sterling is a complete waste of time and effort, then all I can do
>is commiserate, and admit that in the past I too have wasted time on
>proprietary EDI solutions that will never be implemented.
>Regards Mark
>
>
>
> * * * * * * * * * * * * * * * * * * * *
>*  Message From : HUGHES, MARK          *
>*  Location     : AUSTRALIA-CCA HDQ     *
>*  KOMAIL ID    : N17503  (CCAMCQN1)    *
>*  Date and Time: 05/22/96  17:04:35    *
> * * * * * * * * * * * * * * * * * * * *
>
>

Follow-Ups:
- Re: Message From KO/Office
  - From: Carl Hage

Prev by Date: Re: Message From KO/Office
Next by Date: Re: Message From KO/Office
Previous by thread: Message From KO/Office
Next by thread: Re: Message From KO/Office
Index(es):
- Date
- Thread