Andrew Patterson wrote:

>>This is certainly not my experience with open sourced PKI and SSL.
>>
>
>It's got nothing to do with open source/closed source
>or any particular implementation.
>
>The SSL/TLS protocol is a _transport_ level protocol.
>It is used to secure sequences of
>bytes between machines, and to allow PKI to authenticate
>either/both ends of the transport.
>The PKI certificate used to authenticate the transport
>is not available to non-repudiate the payload.
>
>WS Security goes beyond that, and allows
>_message_ level authentication, which
>allows the retention of the digitally signed message,
>and hence provides non-repudiation.
>
>Like I said, it's quite a subtle problem (that is not
>important in 99% of cases). But I can see why if
>you were recommending a standard for the future
>you would go for it.
>

Of course you need (and we used) different certificates for transport and payload. This belt and braces approach is reasonable between technically literate groups but I accept for end users it is reasonable to sacrifice the transport layer.
I suspect that the Medical Objects model would accommodate both however.

David

--
For secure communication with the GMC see http://gmc.net.au
gpg key Secure Mail (Current 10 February 2005) <[EMAIL PROTECTED]> 0x9CAE0C53 at keyserver.medicine.net.au
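The transport-versus-message distinction discussed in this thread, as an added example that is not part of the original messages: it compares what a third party can verify from a receiver's archive when the payload carried its own signature and when it was protected only in transit. Ed25519 from Go's standard library stands in for the certificate-based XML signatures that WS-Security uses, and all type and function names are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Archived is what the receiver still holds after delivery (hypothetical type).
// Sig is empty when the message was authenticated only at the transport level.
type Archived struct {
	Payload []byte
	Sig     []byte // message-level signature, retained with the payload
}

// NewSigner creates a payload-signing key pair, separate from any transport key.
func NewSigner() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// SignMessage returns a record whose signature travels with the payload.
func SignMessage(priv ed25519.PrivateKey, payload []byte) Archived {
	return Archived{Payload: payload, Sig: ed25519.Sign(priv, payload)}
}

// TransportOnly models delivery over an authenticated channel: once the
// session has ended, only the plaintext bytes remain in the archive.
func TransportOnly(payload []byte) Archived {
	return Archived{Payload: payload}
}

// ProveOrigin is the check a third party can run later from the archive alone.
// Assumption: the binding of `trusted` to a sender identity (a certificate in
// a PKI) has been established separately.
func ProveOrigin(a Archived, trusted ed25519.PublicKey) bool {
	if len(a.Sig) == 0 {
		return false // nothing retained that binds the payload to a sender
	}
	return ed25519.Verify(trusted, a.Payload, a.Sig)
}

func main() {
	pub, priv := NewSigner()
	msg := []byte("constructed sample: result message 0000")
	signed := SignMessage(priv, msg)
	tampered := signed
	tampered.Payload = []byte("constructed sample: altered result")
	fmt.Println(ProveOrigin(signed, pub), ProveOrigin(tampered, pub),
		ProveOrigin(TransportOnly(msg), pub))
}
```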
