Dick Brooks | 9 Jan 19:39 2002

RE: I-D ACTION:draft-ietf-ediint-as2-10.txt


Please change the following section in the latest AS2 draft, ref
http://www.ietf.org/internet-drafts/draft-ietf-ediint-as2-10.txt:

G.  Authors' Addresses

    Dale Moberg
    dale_moberg <at> stercomm.com
    Sterling Commerce
    4600 Lakehurst Ct.
    Dublin, OH 43016 USA

    Dick Brooks
    dick <at> 8760.com
    Group 8760
    110 12th Street North
    Suite F103
    Birmingham, Alabama 35203
    Tel: 205-250-8053

Dale is no longer with Sterling Commerce.

I am also with a new employer, please change my contact information to:

Dick Brooks
dick.brooks <at> systrends.com
Systrends, Inc
7855 South River Parkway, Suite 111
Tempe, Arizona 85284
Web: www.systrends.com <http://www.systrends.com>
(Continue reading)

Paul V Ford-Hutchinson | 14 Jan 11:59 2002
Picon

Re: MIME-based Secure EDI -- AS1


David Fischer wrote:

>After reading the comments from the Last Call on AS1, it seems there
>are two concerns:
>1)  The name might suggest that all EDI on the Internet would be done 
>this way.
>
>2)  There is some dissent to the way in which security is applied 
>in this spec.

I also raised the issues that 

- there are too many options  (in general options are considered bad in a 
protocol)
- there are proposed modes of operation that offer no security whatsoever.

And so ..

- options should be reduced/removed
- all proposed mechanisms should offer a basic level of security 
(confidentiality, authentication and integrity)

The IETF should be asserting the security high-ground and not allow 
insecure, lowest common denominator mechanisms to be defined.  Perhaps we 
should ask for guidance from the SAAG ?

Paul

--
(Continue reading)

David Fischer | 14 Jan 15:47 2002

RE: MIME-based Secure EDI -- AS1


You want to remove the option for someone to use AS1 without security?

David Fischer
Drummond Group.

-----Original Message-----
From: owner-ietf-ediint <at> mail.imc.org
[mailto:owner-ietf-ediint <at> mail.imc.org]On Behalf Of Paul V
Ford-Hutchinson
Sent: Monday, January 14, 2002 5:00 AM
To: ietf-ediint <at> imc.org
Subject: Re: MIME-based Secure EDI -- AS1

David Fischer wrote:

>After reading the comments from the Last Call on AS1, it seems there
>are two concerns:
>1)  The name might suggest that all EDI on the Internet would be done 
>this way.
>
>2)  There is some dissent to the way in which security is applied 
>in this spec.

I also raised the issues that 

- there are too many options  (in general options are considered bad in a 
protocol)
- there are proposed modes of operation that offer no security whatsoever.

(Continue reading)

Paul V Ford-Hutchinson | 14 Jan 16:03 2002
Picon

RE: MIME-based Secure EDI -- AS1


David Fischer wrote

> You want to remove the option for someone to use AS1 without security?

Unless it can be explained how this option  is "MIME-based Secure 
Peer-to-Peer EDI over the Internet"

It's that troublesome "Secure" word that bothers me.

Paul

--
Paul Ford-Hutchinson :  eCommerce application security : 
paulfordh <at> uk.ibm.com
MPT-6, IBM , PO Box 31, Birmingham Rd, Warwick, CV34 5JL +44 (0)1926 
462005
http://www.ford-hutchinson.com/~fh-1-pfh/ftps-ext.html


Gmane