[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Message From KO/Office
Dale,
A well-spoken response.
Best reagrds,
Peter
______________________________ Reply Separator _________________________________
Subject: Re: Message From KO/Office
Author: Non-HP-owner-ietf-ediint (owner-ietf-ediint@imc.org) at
HP-Boise,mimegw2
Date: 5/22/96 1:07 PM
Our direction is that X12.58 is fine. The type definitions already in
RFC1767 allow edi users to use X12.58 over Internet. We as a wg just do not
need to do anything else in the X12.58 area.
We are not dictating. We are mostly recommending ways to use existing
standards/products to facilitate interoperability between edi products
which support encryption and signature.
Later...Rik
>Mark,
>
>Thanks for your input. I don't feel that my work on X12.58 was done invane.
>I understand your points and they are all valid. I think what is important
>here is that we allow users of the system to choose which security algorithm
>they want to use rather then us dictate a specific one. The beautiy of
>X12.58 is that it allows you to choose which ever algorithm you want. Then
>when the security is applied to the EDI transaction set that security method
>is identified so that the receiver is aware which method was used. This
>allows for quick modifications if the security algorithm is somehow broken
>by a third party.
>
>Us people in the EDI world sometimes forget about other issues in the real
>world. Although I would like to point out that by dictating that security
>in the internet must use one security method (ie. PGP) then you are also
>forcing them to use one algorithm (ie RSA ). (( This is from my
>understanding of PGP.... It may not be correct)).
>
>This forces users of the system to use a proprietary solution and if by any
>chance the RSA algorithm is some how cracked then they cannot switch quickly.
>
>Paranoia sets in..... Dale
>
>_______________________________________________________________________________
>>
>>Dale,
>>as a business user of both EDI and E-mail with our Trading Partners,
>>we will not use one data encryption method for EDI (X12.58) and a
>>different one for E-mail.
>>And we will progess to sending all our EDI as e-mail to e-mail
>>addresses as well; we have no interest in sending over a proprietary
>>VAN using proprietary addressing (some funny characters in the ISA
>>or UNB segments) when we can send it on the Internet.
>>We have 100,000 business customers here in Australia, and hundreds
>>of thousands more in other countries. Many of them are small
>>organisations (1-10 people total, no IS department). The idea that
>>they are going to use encryption method A for their email and method
>>B for EDI is, to put it kindly, a poor joke. Its the sort of
>>solution that big companies with lots of IS resources come up with.
>>EDI is just e-mail. Sure, its application to application rather
>>than person to person, but its just e-mail. And we need a simple
>>encryption method that is consistent so our customers' off the shelf
>>e-mail package can receive a person to person or application to
>>application message and decrypt it.
>>So encryption of just part of the EDI message is a solution with no
>>long term future for 99.9 percent of businesses around the world.
>>If that means that all the good work you did on X12.58 while at
>>Sterling is a complete waste of time and effort, then all I can do
>>is commiserate, and admit that in the past I too have wasted time on
>>proprietary EDI solutions that will never be implemented.
>>Regards Mark
>>
>>
>>
>> * * * * * * * * * * * * * * * * * * * *
>>* Message From : HUGHES, MARK *
>>* Location : AUSTRALIA-CCA HDQ *
>>* KOMAIL ID : N17503 (CCAMCQN1) *
>>* Date and Time: 05/22/96 17:04:35 *
>> * * * * * * * * * * * * * * * * * * * *
>>
>>
------------------------------------------------------
| Rik Drummond - The Drummond Group |
| 5008 Bentwood Ct., Ft. Worth, TX 76132 USA |
| Voice: 817 294 7339 Fax: 817 294 7950 |
------------------------------------------------------