W3C home > Mailing lists > Public > xml-dist-app@w3.org > March 2001

Security

From: Joseph Ashwood <jashwood@arcot.com>
Date: Thu, 15 Mar 2001 14:31:42 -0800
Message-ID: <035801c0ada0$373c3880$2a0210ac@livermore>
To: <xml-dist-app@w3.org>
This conversation pretty much started on the SOAP list but I think it's far
more applicable here.

To give a quick summary of what has happened so far:
There are no encryption/integrity methods that are really suitable for
remote procedure calls. So it has been suggested that progress be made in
that direction. This stems from a requirement for burst-type communications
(commonly done over SMTP for SOAP), where negotiations are difficult.

I was going to look into this some but I'm not sure what requirements people
are likely to have. Do you want enough rope to be able to hang yourself very
thoroughly? Or do you want strong guidelines that will limit diversity, but
give you only solutions that are strong?

What suitable compromises do you want to see? Do you want only a small
number of ciphers , MAC, etc, that are secure and freely available? or do
you want to be able to put your own prefered ciphers to use with minimal
trouble?

Any input would be greatly appreciated.
                Joe
Received on Thursday, 15 March 2001 17:36:06 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:58:59 GMT