-----BEGIN PGP SIGNED MESSAGE----- "R.A. Hettinga" <[EMAIL PROTECTED]> writes:
> <http://sys-con.com/story/print.cfm?storyid=47592> > But SSL's greatest weakness is that it is oriented toward synchronous > transactions, requiring a direct connection between participants. Yep. Makes it difficult to thwart traffic analysis. > Security in the Message > The solution to this problem, as put forth in standards by OASIS and > the W3C, is to absorb security into the message itself. That is, > provide a means of authentication, integrity, and confidentiality > that is integral to the message, and completely decoupled from > transport channels. ... the way encrypted email has always been. > The Trend Away from Channel-Level Security > ... Furthermore, everyone is building systems predicated to have key > pairs on both sides of a transaction: at the message producer > (client), and the message consumer (server). > ... SSL is sufficient for Web-like, client/server application, but > large enterprise computing is built on asynchronous messaging; This is welcome news also for pseudonymous p2p commerce. > So PKI is back. Maybe a work-around can be devised. > Scott Morrison D. Popkin -----BEGIN PGP SIGNATURE----- Version: 2.6.3ia Charset: noconv iQBVAwUBQdDl3PPsjZpmLV0BAQGyVAIAu5Zc+PFv8CuKkzFv3hmnkIlZ/bXVmMNQ zg2o1rG/4omH5RFn9B4VXJsCxespviw+Ysnpa31XgQ8f9LdxYCIz4w== =MbdB -----END PGP SIGNATURE-----
