Rik Drummond | 3 Apr 1997 00:02

EDIINT IETF Meeting Time

THURSDAY, April 10, 1997

0830-0900  Continental Breakfast
0900-1130  Morning Sessions

Memphis A   APP  ediint   Electronic Data Interchange-Internet Integr. WG

Jonathan Allen | 3 Apr 1997 09:39

UK Encryption/Signature Ban

This came out on another list I follow, and apologies if any of you
have already seen it.

Can I ask people here, bearing in mind how encompassing it appears
to be in terms of both encryption and signature keys, what effect
it is likely to have upon the work this group has done.

Jonathan
+++
------- Start of forwarded message -------
Date: 21 Mar 1997 10:11:57 GMT
From: rja14 <at> cl.cam.ac.uk (Ross Anderson)
Approved: R.E.Wolff <at> BitWizard.nl
Subject: DTI proposals on key escrow

The British government's Department of Trade and Industry has sneaked out
proposals on licensing encryption services. Their effect will be to ban PGP
and much more besides.

I have put a copy on http://www.cl.cam.ac.uk/users/rja14/dti.html as
their own web server appears to be conveniently down.

Licensing will be mandatory:

      We intend that it will be a criminal offence for a body to offer 
      or provide licensable encryption services to the UK public without 
      a valid licence

The scope of licensing is broad:


grscott | 3 Apr 1997 16:17

New (proposed) US Encryption Controls

Jonathan Allen raises questions regarding the effect on the work of this group 
that might obtain if measures currently being discussed in the UK are 
implemented. I point out that the Clinton administration is currently seeking a
sponsor for legislation it would like to see enacted -- a brief summary of which 
is enclosed below.  See the URL for full text.  

An additional very interesting excerpt from the written statement of William P. 
Crowell, Deputy Director of the NSA, to the House Committee on the Judiciary, 
Subcommittee on Courts and Intellectual Property hearing on H.695 "Safe Act",
can be found in a newsgroup posting by David Sternlight on March 24th to
comp.security.misc.  Because it's quite long, I've not included it; however, an 
AltaVista (Usenet) search similar to the one below will quickly turn it up:  

        subject:"NSA speaks" and from:sternlight

While the technical impact on this group's work might not be severe, the 
business impact might be enormous.

Richard
================================================================================

(1) ADMINISTRATION PROPOSES DOMESTIC ENCRYPTION CONTROLS

The Clinton Administration has drafted legislation to control the domestic
use of encryption technologies and compel participation in key recovery
systems open to the government. The bill would:

* Create a vast new government-dominated "key management infrastructure"
  designed to be a prerequisite for participation in electronic
  commerce.

권은경 (Kwon Eun Kyeong) | 9 Apr 1997 03:23

SET (Secure Electronic Transaction) versus INTEDI ?

Hello everybody.

In some materials, the following is written:
"SET standard: The security protocol which is used for the transaction
with card over internet. Many companies like Visa, MasterCard, Microsoft,
IBM, Netscape, GTE are involved in making the standard"

What is the difference between INTEDI (EDI over internet) and SET? Briefly, 
the encryption part seems to be almost the same; message tracking and delivery 
notification are included only in INTEDI, but the linking issue is in SET. But I 
want to have more detailed comparison information. If SET spreads widely, 
INTEDI would become meaningless. Is that right? Otherwise, does the 
target of SET differ from that of INTEDI?

Thanks in advance.

from Kwon eun kyeong. (ekkwon <at> ktnet.co.kr)

Rik Drummond | 12 Apr 1997 12:13

Re: Interorganizational EDI security informational draft

Please make the first several letters of your subject something like
EDISEC on all messages. That will help everyone keep these subjects
clear. 

Looks good. What are the time frames for your deliverables? Please let me
know.....later....Rik

The Brain wrote:
> 
> At the meeting this week, it was decided that a document should be written identifying the issues which crop up when dealing with implementing EDI solutions on the internet across organizational boundaries.  What follows is a tentative title, a list of key issues to be examined, and a list of authors and readers for the draft.  What we need from everyone on the list are examples or cases of problems which have been encountered that fall into one of the areas in the following list of issues, or
> 
> Tentative title:  Discussion of Issues for the support of Internet based EDI across organizational boundaries.
> 
> Key Issue areas to be examined:
> 
> 1. Boundary/Gateway crossing issues (such as firewalls)
> 2. Organizational Policy issues
> 3. Transitive trust issues
> 4. Certificate/Public Key/Certification Authority issues
> 5. VAN/leased line/dialup issues
> 
> The co-authors on the draft:
> 
> John DesJardins     jdesjard <at> nicom.com
> Marc Blanchet        Marc.Blanchet <at> viagenie.qc.ca
> 

The Brain | 11 Apr 1997 23:50

Interorganizational EDI security informational draft

At the meeting this week, it was decided that a document should be written identifying the issues which crop
up when dealing with implementing EDI solutions on the internet across organizational boundaries. 
What follows is a tentative title, a list of key issues to be examined, and a list of authors and readers for
the draft.  What we need from everyone on the list are examples or cases of problems which have been
encountered that fall into one of the areas in the following list of issues, or other comments.  Please
review and forward comments to the list or to John or Marc.

Tentative title:  Discussion of Issues for the support of Internet based EDI across organizational boundaries.

Key Issue areas to be examined:

1. Boundary/Gateway crossing issues (such as firewalls)
2. Organizational Policy issues
3. Transitive trust issues
4. Certificate/Public Key/Certification Authority issues
5. VAN/leased line/dialup issues

The co-authors on the draft:

John DesJardins     jdesjard <at> nicom.com
Marc Blanchet        Marc.Blanchet <at> viagenie.qc.ca

The readers/editors:

Dale Moberg
Jan Pachl
Paul Ford-Hutchinson
Maria Gallagher

Rik, please forward to the EDIINT list

Carl Hage | 12 Apr 1997 02:58

EDISEC: EDI security informational draft

References: <01BC46A0.C790D280 <at> res-as1-34.nicom.com> <334F604E.7BD <at> onramp.net>
Organization: C. Hage Associates, Sunnyvale, CA

Rik Drummond (drummond <at> onramp.net) wrote:

: The Brain wrote:
: > 
: > At the meeting this week, it was decided that a document should be written identifying the issues which crop up when dealing with implementing EDI solutions on the internet across organizational boundaries.

There seems to be a redundancy-- EDI across the internet means
across organizational boundaries.

It seems like there may be a problem with nomenclature or definitions.
I don't see what this is supposed to be. Does this mean "What issues
are involved with implementing EDIINT?"

: >   What follows is a tentative title, a list of key issues to be examined, and a list of authors and readers for the draft.  What we need from everyone on the list are examples or cases of problems which have been encountered that fall into one of the areas in the following list of issues, or
: > 
: > Tentative title:  Discussion of Issues for the support of Internet based EDI across organizational boundaries.

I would drop "across organizational boundaries", since that's implicit with
EDI and Internet.


Rik Drummond | 12 Apr 1997 05:20

Re: Interorganizational EDI security informational draft

I will be out of pocket next week and will not be reading email most of
the week. I will be back on the 18th....have a great week of
progress.....later..rik

The Brain wrote:
> 
> At the meeting this week, it was decided that a document should be written identifying the issues which crop up when dealing with implementing EDI solutions on the internet across organizational boundaries.  What follows is a tentative title, a list of key issues to be examined, and a list of authors and readers for the draft.  What we need from everyone on the list are examples or cases of problems which have been encountered that fall into one of the areas in the following list of issues, or
> 
> Tentative title:  Discussion of Issues for the support of Internet based EDI across organizational boundaries.
> 
> Key Issue areas to be examined:
> 
> 1. Boundary/Gateway crossing issues (such as firewalls)
> 2. Organizational Policy issues
> 3. Transitive trust issues
> 4. Certificate/Public Key/Certification Authority issues
> 5. VAN/leased line/dialup issues
> 
> The co-authors on the draft:
> 
> John DesJardins     jdesjard <at> nicom.com
> Marc Blanchet        Marc.Blanchet <at> viagenie.qc.ca
> 
> The readers/editors:
> 
> Dale Moberg

Rik Drummond | 13 Apr 1997 01:12

EDIINT Status

Our meeting at IETF went well. We will be forwarding the drafts to the
next IETF stage very shortly. We are just about done with the first
part of the effort. We will be starting Process-to-Process EDI next on
the ietf-ediint <at> imc.org list.

I appreciate all of your effort in these areas.  We have done it!

I will be out of touch until April 18, 1997 for email and phone.

I will see you in about a week.

Later, Rik

Karen Rosenthal | 15 Apr 1997 16:21

Re: [Fwd: Boundary Stuff]

Hi Chuck,

Jun and I have been discussing signing the multipart/report MDN within a
multipart/signed.  I thought it best for us to share this with the
list.  The point in question is whether or not to include the line
delimiter preceding the multipart/signed mid-boundary, in the signature
over the MDN.

We don't appear to have an issue with plain EDI data within
multipart/signed - we're verifying Actra's signature just fine, meaning
you're not including the line delimiter preceding the multipart/signed
boundary in the signature over the EDI data.  I think the confusion
comes in w/ multipart/report within multipart/signed, since we have two
back-to-back boundaries.  I guess the question is whether the <line
delimiter in question!> is the line delimiter for the MDN end boundary,
or the multipart/signed mid-boundary.  I believe the answer is that it's
both!

	--boundary_MDN--<line delimiter in question!>
	--boundary_multipart_signed

Anyways, your recent response to Jun indicates that you sign the <line
delimiter in question!>, but this conflicts with the message sent on 3/3
that indicates that you would not.  I seem to be at a loss for finding
'the' RFC that answers this definitively!

Regards,
Karen 

----------------------------------------------------------------------------
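
The question in the post above, worked as an added example (not code from the original thread or from any product named in it): RFC 2046 section 5.1.1 attaches the CRLF before a boundary delimiter line to the boundary, not to the preceding body part, so the signed content ends at `--boundary_MDN--`. The message, media types and the SHA-256 digest are constructed for illustration.

```python
import hashlib

CRLF = b"\r\n"

# Constructed sample (not a real message): an MDN as multipart/report inside
# multipart/signed, using the boundary names from the post above.
MESSAGE = CRLF.join([
    b"--boundary_multipart_signed",
    b"Content-Type: multipart/report;",
    b'    report-type=disposition-notification; boundary="boundary_MDN"',
    b"",
    b"--boundary_MDN",
    b"Content-Type: text/plain",
    b"",
    b"The message was received.",
    b"--boundary_MDN",
    b"Content-Type: message/disposition-notification",
    b"",
    b"Disposition: automatic-action/MDN-sent-automatically; processed",
    b"--boundary_MDN--",
    b"--boundary_multipart_signed",
    b"Content-Type: application/pkcs7-signature",
    b"",
    b"(signature bytes omitted)",
    b"--boundary_multipart_signed--",
])

def first_part(body: bytes, boundary: bytes, keep_crlf: bool) -> bytes:
    """Return the first body part; keep_crlf selects the non-conforming cut
    that keeps the CRLF RFC 2046 5.1.1 assigns to the following boundary."""
    opener = b"--" + boundary + CRLF
    delim = CRLF + b"--" + boundary
    if not body.startswith(opener):
        raise ValueError("body does not start with the boundary line")
    end = body.find(delim, len(opener))
    if end < 0:
        raise ValueError("first part has no terminating boundary")
    return body[len(opener):end + (len(CRLF) if keep_crlf else 0)]

def digests(body: bytes, boundary: bytes) -> dict:
    """Digest of the signed part under both readings of the delimiter."""
    return {name: hashlib.sha256(first_part(body, boundary, keep)).hexdigest()
            for name, keep in (("excluded", False), ("included", True))}

if __name__ == "__main__":
    for name, value in digests(MESSAGE, b"boundary_multipart_signed").items():
        print(f"line delimiter {name}: sha256={value}")
```

A signer and a verifier that disagree on this cut hash inputs that differ by two bytes, so verification fails even though nothing in the MDN was altered.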