Re: Message From KO/Office

[drummond@xxxxxxxxxx (Rik Drummond)]

Our direction is that X12.58 is fine. The type definitions already in
RFC1767 allow edi users to use X12.58 over Internet. We as a wg just do not
need to do anything else in the X12.58 area.

We are not dictating. We are mostly recommending ways to use existing
standards/products to facilitate interoperability between edi products
which support encryption and signature.

Later...Rik

>Mark,
>
>Thanks for your input.  I don't feel that my work on X12.58 was done invane.
>I understand your points and they are all valid.  I think what is important
>here is that we allow users of the system to choose which security algorithm
>they want to use rather then us dictate a specific one.  The beautiy of
>X12.58 is that it allows you to choose which ever algorithm you want.  Then
>when the security is applied to the EDI transaction set that security method
>is identified so that the receiver is aware which method was used.  This
>allows for quick modifications if the security algorithm is somehow broken
>by a third party.
>
>Us people in the EDI world sometimes forget about other issues in the real
>world.  Although I would like to point out that by dictating that  security
>in the internet must use one security method (ie. PGP) then you are also
>forcing them to use one algorithm (ie RSA ).  (( This is from my
>understanding of PGP.... It may not be correct)).
>
>This forces users of the system to use a proprietary solution and if by any
>chance the RSA algorithm is some how cracked then they cannot switch quickly.
>
>Paranoia sets in..... Dale
>
>_______________________________________________________________________________
>>
>>Dale,
>>as a business user of both EDI and E-mail with our Trading Partners,
>>we will not use one data encryption method for EDI (X12.58) and a
>>different one for E-mail.
>>And we will progess to sending all our EDI as e-mail to e-mail
>>addresses as well; we have no interest in sending over a proprietary
>>VAN using proprietary addressing (some funny characters in the ISA
>>or UNB segments) when we can send it on the Internet.
>>We have 100,000 business customers here in Australia, and hundreds
>>of thousands more in other countries.  Many of them are small
>>organisations (1-10 people total, no IS department).  The idea that
>>they are going to use encryption method A for their email and method
>>B for EDI is, to put it kindly, a poor joke.  Its the sort of
>>solution that big companies with lots of IS resources come up with.
>>EDI is just e-mail.  Sure, its application to application rather
>>than person to person, but its just e-mail.  And we need a simple
>>encryption method that is consistent so our customers' off the shelf
>>e-mail package can receive a person to person or application to
>>application message and decrypt it.
>>So encryption of just part of the EDI message is a solution with no
>>long term future for 99.9 percent of businesses around the world.
>>If that means that all the good work you did on X12.58 while at
>>Sterling is a complete waste of time and effort, then all I can do
>>is commiserate, and admit that in the past I too have wasted time on
>>proprietary EDI solutions that will never be implemented.
>>Regards Mark
>>
>>
>>
>> * * * * * * * * * * * * * * * * * * * *
>>*  Message From : HUGHES, MARK          *
>>*  Location     : AUSTRALIA-CCA HDQ     *
>>*  KOMAIL ID    : N17503  (CCAMCQN1)    *
>>*  Date and Time: 05/22/96  17:04:35    *
>> * * * * * * * * * * * * * * * * * * * *
>>
>>

------------------------------------------------------
|         Rik Drummond - The Drummond Group         |
|   5008 Bentwood Ct., Ft. Worth, TX 76132 USA  |
|        Voice: 817 294 7339    Fax: 817 294 7950     |
------------------------------------------------------