Andrew Patterson wrote:
>As I understand it, SSL has a very subtle problem
>which is that the PKI certificates
>are consumed at lower layers in the establishment of
>the HTTPS connection, and are hence not available for
>non-repudiation of the actual payload. So whilst we
>can connect and mutually authenticate to each
>other, once the connection is finished, the only proof
>we had of each other's identity, or proof of the content
>of the message is whatever we have logged in our
>systems. And that may be fine, and is certainly as
>much as most systems are doing today. But the
>WS Security standard actually allows the payload
>to be signed and encrypted, allowing both ends
>to mutually authenticate, but also keep a signed
>record of the message payload.
>I think this is generally considered the way to go
>(especially in health where non-repudiation of
>messages may be important)
>
>

This is certainly not my experience with open sourced PKI and SSL.

David

--
For secure communication with the GMC see http://gmc.net.au
gpg key Secure Mail (Current 10 February 2005) <[EMAIL PROTECTED]> 0x9CAE0C53 at keyserver.medicine.net.au
_______________________________________________
Gpcg_talk mailing list
[email protected]
http://ozdocit.org/cgi-bin/mailman/listinfo/gpcg_talk
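
What the quoted message means by keeping "a signed record of the message payload", as an added example that is not part of the thread: a signature stored beside the message can still be checked after the connection has closed. It uses a plain detached `openssl dgst` signature rather than WS-Security's XML Signature, and the key pair, file names and payload are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added illustration: message-level signature kept as a lasting record.
# All file names, the key pair and the payload are constructed for this example.

make_keypair() {   # $1 = working directory
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$1/sender.key" 2>/dev/null &&
  openssl pkey -in "$1/sender.key" -pubout -out "$1/sender.pub" 2>/dev/null
}

sign_payload() {   # $1 = working directory, $2 = payload file; writes $2.sig
  openssl dgst -sha256 -sign "$1/sender.key" -out "$2.sig" "$2"
}

verify_payload() { # prints "valid" or "invalid"; needs only the public key
  if openssl dgst -sha256 -verify "$1/sender.pub" \
       -signature "$2.sig" "$2" >/dev/null 2>&1; then
    echo valid
  else
    echo invalid
  fi
}

demo() {
  dir=$(mktemp -d) || return 1
  msg="$dir/message.xml"
  printf '<referral patient="constructed-001">Review in 2 weeks</referral>\n' > "$msg"
  make_keypair "$dir" && sign_payload "$dir" "$msg" || return 1

  # Later, with the connection long closed: archived message + signature still verify.
  echo "archived copy: $(verify_payload "$dir" "$msg")"

  # A record altered after the fact no longer matches the sender's signature.
  sed 's/2 weeks/2 months/' "$msg" > "$msg.tmp" && mv "$msg.tmp" "$msg"
  echo "altered copy:  $(verify_payload "$dir" "$msg")"
  rm -rf "$dir"
}

demo
```

The receiver needs only the message, the `.sig` file and the sender's public key to repeat the check; nothing from the transport session is involved.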
