Thomas Beale wrote:
> Let me pose the question another way:
>
> * what standard or other open specification can openEHR point to that
> accurately specifies the format of digital digests and signatures of EHR
> data? It has to be something available to everyone, and implementable
> (preferably already implemented)?

Surely one (or more) of the X.509 pkix RFCs covers this? See http://www.ietf.org/html.charters/pkix-charter.html

Or the very widely used and implemented RSA Labs PKCS "standards" - see http://en.wikipedia.org/wiki/PKCS

And I dare say that the OpenSSL library implements whichever one of these standards is relevant. Sorry, no time to research exactly which standard you should look at, and it's not the sort of information I like to have hanging around in my cranium (if I can help it).

PGP/GPG is fab but it is not "enterprise-friendly" - mention it in any large corporate setting and the IT people will wrinkle their noses and claim not to have heard of it or mutter disparaging remarks about hackers who ought to be in gaol. Whether they would react the same way to the mere use of a GnuPG signature format is another question, but if you mention X.509, PKCS or pkix compliance then there will be nods and smiles all round from the corporate IT guys.

Tim C

