> This is certainly not my experience with open sourced PKI and SSL.

It's got nothing to do with open source/closed source or any particular implementation.
The SSL/TLS protocol is a _transport_ level protocol. It is used to secure sequences of bytes between machines, and to allow PKI to authenticate either/both ends of the transport. The PKI certificate used to authenticate the transport is not available to non-repudiate the payload. WS Security goes beyond that, and allows _message_ level authentication, which allows the retention of the digitally signed message, and hence provides non-repudiation.

Like I said, it's quite a subtle problem (that is not important in 99% of cases). But I can see why if you were recommending a standard for the future you would go for it.

Andrew
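The transport-level versus message-level distinction made in the message above, as an added example that is not part of the original post. Assumptions: an HMAC under a shared session key stands in for TLS record protection, the signature is textbook RSA over two Mersenne primes (a toy, unpadded scheme chosen so the code needs only the standard library), and all function names and sample data are hypothetical.

```python
import hashlib
import hmac

# Toy RSA key (assumption): textbook RSA without padding, illustration only.
P, Q = 2**521 - 1, 2**607 - 1           # two Mersenne primes
N, E = P * Q, 65537                     # public key, known to everyone
D = pow(E, -1, (P - 1) * (Q - 1))       # private exponent, held by the sender only


def digest(message: bytes) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes) -> int:
    """Message-level signature: only the holder of D can produce it."""
    return pow(digest(message), D, N)


def verify(message: bytes, signature: int) -> bool:
    """Any third party holding (N, E) can check an archived message."""
    return pow(signature, E, N) == digest(message)


def record_mac(session_key: bytes, payload: bytes) -> bytes:
    """Transport-style integrity: a MAC under a key BOTH endpoints hold."""
    return hmac.new(session_key, payload, hashlib.sha256).digest()


def mac_ok(session_key: bytes, payload: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(record_mac(session_key, payload), tag)


def dispute():
    # Constructed sample data.
    original = b"Referral: patient 1234, dose 5 mg"
    altered = b"Referral: patient 1234, dose 50 mg"
    session_key = hashlib.sha256(b"constructed session secret").digest()

    # Transport level: the sender tags the original, but the receiver holds
    # the same key and can tag any other text just as validly, so an
    # archived (payload, tag) pair does not show who wrote the payload.
    sender_tag = record_mac(session_key, original)
    receiver_tag = record_mac(session_key, altered)

    # Message level: the signature is stored with the message and still
    # verifies later, but only for the exact text that was signed.
    signature = sign(original)
    return (mac_ok(session_key, original, sender_tag),
            mac_ok(session_key, altered, receiver_tag),
            verify(original, signature),
            verify(altered, signature))
```

`dispute()` returns one flag per check: both MAC checks pass regardless of which endpoint produced the tag, while the signature verifies only for the original text.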
